[Emerging-updates] Daily Ruleset Update Summary 06/26/2014

Francis Trudeau ftrudeau at emergingthreats.net
Thu Jun 26 20:32:54 EDT 2014


 [***] Summary: [***]

 3 new Open rules, 18 new Pro (3+15).  CryptoWall, Swrort, Various Android.


 [+++]          Added rules:          [+++]

 Open:

  2018608 - ET TROJAN Suspicious User-Agent (HardCore Software For)
(trojan.rules)
  2018609 - ET TROJAN Likely CryptoWall .onion Proxy DNS lookup (trojan.rules)
  2018610 - ET TROJAN Likely CryptoWall .onion Proxy domain in SNI
(trojan.rules)

 Pro:

  2808233 - ETPRO TROJAN Win32/Swrort.A Sending PE set (trojan.rules)
  2808234 - ETPRO TROJAN Win32/Swrort.A Sending PE (trojan.rules)
  2808235 - ETPRO TROJAN Trojan-Downloader.VBS.Agent.aim Retrieving
.exe (trojan.rules)
  2808236 - ETPRO TROJAN W32/Agent.EW.gen Checkin 3 (trojan.rules)
  2808237 - ETPRO TROJAN W32/Agent.EW.gen Checkin 4 (trojan.rules)
  2808238 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Mazig.a
Checkin (mobile_malware.rules)
  2808239 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Mazig.a
Checkin 2 (mobile_malware.rules)
  2808240 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Mazig.a
Checkin 3 (mobile_malware.rules)
  2808241 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.A Checkin 2
(mobile_malware.rules)
  2808242 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.BY Checkin
(mobile_malware.rules)
  2808243 - ETPRO TROJAN Win32.Agent.agpdx Executable location
retrieval (trojan.rules)
  2808244 - ETPRO TROJAN Win32.Agent.agpdx Sending executable location
(trojan.rules)
  2808245 - ETPRO TROJAN Win32.Agent.agpdx Checkin (trojan.rules)
  2808246 - ETPRO MOBILE_MALWARE SMSReg.CW Checkin (mobile_malware.rules)
  2808247 - ETPRO MOBILE_MALWARE Dogwin.G Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2016941 - ET TROJAN W32/PolyCrypt.A Checkin (trojan.rules)
  2018493 - ET CURRENT_EVENTS Sweet Orange WxH redirection
(current_events.rules)
  2808213 - ETPRO CURRENT_EVENTS Safe/Critx/FlashPack URI Struct June
19, 2014 2 (current_events.rules)


 [---]         Removed rules:         [---]

  2803109 - ETPRO TROJAN Suspicious User-Agent (HardCore Software For)
(trojan.rules)


More information about the Emerging-updates mailing list