[Emerging-updates] Daily Ruleset Update Summary 03/26/2014

Francis Trudeau ftrudeau at emergingthreats.net
Wed Mar 26 14:13:54 HADT 2014


We had one more rule that went out that wasn't in this email:

  2018328 - ET TROJAN Win32/Kryptik.AZER C2 SSL Stolen Cert (trojan.rules)

Thanks all.




On Wed, Mar 26, 2014 at 4:51 PM, Francis Trudeau <ftrudeau at emergingthreats.net> wrote:

>  [***] Summary: [***]
>
>  8 new Open rules, 20 new Pro (8/12).  Fynloski.A, Zegost, TROJ_PANDDOS,
> Spy.Zitmo.B.
>
>  Thanks:  Jake Warren, Kevin Ross, tdzmont
>
>  [+++]          Added rules:          [+++]
>
>  Open:
>
>   2018320 - ET TROJAN Win32/Sisproc (trojan.rules)
>   2018321 - ET TROJAN Win32/Zegost UA (trojan.rules)
>   2018322 - ET CURRENT_EVENTS Captcha Malware C2 SSL Certificate (current_events.rules)
>   2018323 - ET MALWARE W32/Linkular.Adware Sucessful Install Beacon (2) (malware.rules)
>   2018324 - ET MALWARE SoundCloud Downloader Install Beacon (malware.rules)
>   2018325 - ET TROJAN Bozok.RAT checkin (trojan.rules)
>   2018326 - ET WEB_SPECIFIC_APPS JCE Joomla Extension (web_specific_apps.rules)
>   2018327 - ET SCAN JCE Joomla Extension User-Agent (BOT) (scan.rules)
>
>  Pro:
>
>   2807883 - ETPRO TROJAN Backdoor.Win32/Fynloski.A CnC command (INBOUND) 1 (trojan.rules)
>   2807884 - ETPRO TROJAN Backdoor.Win32/Fynloski.A CnC command (INBOUND) 2 (trojan.rules)
>   2807885 - ETPRO TROJAN Backdoor.Win32/Fynloski.A CnC command (OUTBOUND) 2 (trojan.rules)
>   2807886 - ETPRO TROJAN TROJ_PANDDOS.DZ Checkin (Intel) (trojan.rules)
>   2807887 - ETPRO TROJAN TROJ_PANDDOS.DZ Checkin (AMD) (trojan.rules)
>   2807888 - ETPRO TROJAN Trojan.Win32.Bublik.aexq/Khan Fetching DDoS target MALFORMED (trojan.rules)
>   2807889 - ETPRO TROJAN Win32/Small.CE Checkin (trojan.rules)
>   2807890 - ETPRO MOBILE_MALWARE Android/Spy.Zitmo.B Checkin 3 (mobile_malware.rules)
>   2807891 - ETPRO TROJAN TrojanProxy.Wintu.B Checkin (trojan.rules)
>   2807892 - ETPRO TROJAN Trojan.Win32.IRCbot.ye Checkin (trojan.rules)
>   2807893 - ETPRO TROJAN Trojan-Dropper.Win32.Danseed.b Checkin (trojan.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   2014341 - ET POLICY Installshield One Click Install User-Agent Toys File (policy.rules)
>   2017662 - ET TROJAN Known Sinkhole Response Header (trojan.rules)
>   2018308 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 2 (current_events.rules)
>   2018309 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 3 (current_events.rules)
>   2018314 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 1 (current_events.rules)
>   2018316 - ET CURRENT_EVENTS Zeus GameOver Possible DGA NXDOMAIN Responses (current_events.rules)
>   2805735 - ETPRO TROJAN Backdoor Boomie.A Checkin Command 2 (trojan.rules)
>   2806785 - ETPRO TROJAN Agent.AANC 1 (trojan.rules)
>   2806786 - ETPRO TROJAN Agent.AANC 2 (trojan.rules)
>   2807003 - ETPRO TROJAN Loadmoney.A Checkin 5 (trojan.rules)
>   2807365 - ETPRO TROJAN Zeroaccess Variant 3 (trojan.rules)
>   2807547 - ETPRO TROJAN Downloader.Win32.Genome.fvmi Checkin (trojan.rules)
>
>
>  [---]         Removed rules:         [---]
>
>   2801343 - ETPRO TROJAN Backdoor.Win32.Paras.B Checkin (trojan.rules)
>   2803591 - ETPRO TROJAN Win32/Morix.B (trojan.rules)
>   2806043 - ETPRO TROJAN HackTool.Sniffer.WpePro Checkin (trojan.rules)
>
>