[Emerging-updates] Daily Ruleset Update Summary 05/09/2014

Francis Trudeau ftrudeau at emergingthreats.net
Fri May 9 18:41:54 EDT 2014


 [***] Summary: [***]

 7 new Open signatures, 8 new Pro (7+1).  Upatre, VBKrypt, Marag.f.

 Thanks:  Kevin Ross and @MalwareMustDie

 [+++]          Added rules:          [+++]

 Open:

  2017348 - ET TROJAN Trojan.Win32.VBKrypt.cugq Checkin (trojan.rules)
  2018457 - ET TROJAN Possible Upatre Downloader SSL certificate (fake loc) (trojan.rules)
  2018458 - ET MALWARE DomainIQ Check-in (malware.rules)
  2018459 - ET WEB_SERVER SUSPICIOUS Possible WebShell Login Form (Outbound) (web_server.rules)
  2018460 - ET CURRENT_EVENTS Possible Upatre SSL Compromised site iclasshd.net (current_events.rules)
  2018461 - ET CURRENT_EVENTS Possible Upatre SSL Compromised site sabzevarsez.com (current_events.rules)
  2018462 - ET TROJAN W32/Fsysna.Downloader CnC Beacon (trojan.rules)

 Pro:

  2808034 - ETPRO TROJAN Worm.Win32.Marag.f Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2013201 - ET TROJAN Win32/Rodecap CnC Checkin (trojan.rules)
  2013723 - ET TROJAN Win32/Daemonize Trojan Proxy Initial Checkin (trojan.rules)
  2014356 - ET TROJAN W32/ProxyChanger.InfoStealer Checkin (trojan.rules)
  2018005 - ET TROJAN Possible Upatre Downloader SSL certificate (fake org) (trojan.rules)
  2018413 - ET CURRENT_EVENTS Probable OneLouder downloader (Zeus P2P) (current_events.rules)
  2018448 - ET TROJAN Selfnit Checkin (trojan.rules)



 [---]         Removed rules:         [---]

  2014964 - ET CURRENT_EVENTS Hacked Website Response '/*km0ae9gr6m*/' Jun 25 2012 (current_events.rules)
  2014965 - ET CURRENT_EVENTS Hacked Website Response '/*qhk6sa6g1c*/' Jun 25 2012 (current_events.rules)
  2017348 - ET USER_AGENTS Trojan.Win32.VBKrypt.cugq Checkin (user_agents.rules)
  2803321 - ETPRO TROJAN Win32/Rodecap.A Checkin (trojan.rules)

