[Emerging-updates] Daily Ruleset Update Summary 11/03/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Nov 3 22:29:47 EST 2014


[***]          Summary:          [***]

12 new Open rules. 21 new Pro rules. Fiesta, Cohhoc, ROM/BackOff, etc. Tks
@kahusecurity, @jaimeblascob, @kafeine, Kevin Ross.
<https://twitter.com/kahusecurity>

[+++]          Added rules:          [+++]

  2019623 - ET CURRENT_EVENTS Fiesta SilverLight 4.x Exploit URI Struct (current_events.rules)
  2019624 - ET CURRENT_EVENTS Fiesta SilverLight 5.x Exploit URI Struct (current_events.rules)
  2019625 - ET TROJAN Cohhoc RAT CnC Request (trojan.rules)
  2019626 - ET TROJAN Cohhoc RAT CnC Response (trojan.rules)
  2019627 - ET WEB_SERVER Possible Cookie Based BackDoor Used in Drupal Attacks (web_server.rules)
  2019628 - ET TROJAN AnubisNetworks Sinkhole SSL Cert lolcat - 195.22.26.192/26 (trojan.rules)
  2019629 - ET TROJAN AnubisNetworks Sinkhole TCP Connection (trojan.rules)
  2019630 - ET TROJAN AnubisNetworks Sinkhole HTTP Response - 195.22.26.192/26 (trojan.rules)
  2019631 - ET TROJAN Win32.TrojanProxy Configuration file Download (trojan.rules)
  2019632 - ET TROJAN AnubisNetworks Sinkhole UDP Connection (trojan.rules)
  2019633 - ET TROJAN DirectsX Checkin Response (trojan.rules)
  2019635 - ET TROJAN ROM/BackOff C2 SSL Cert (trojan.rules)

  Pro:
  2809020 - ETPRO TROJAN RDN/Spybot.bfr (trojan.rules)
  2809110 - ETPRO TROJAN BACKDOOR.EMDIV Checkin (trojan.rules)
  2809111 - ETPRO TROJAN Win32/CashBay Checkin (trojan.rules)
  2809112 - ETPRO USER_AGENTS Kaspersky AntiRootkit TDSSKiller User Agent (user_agents.rules)
  2809114 - ETPRO MOBILE_MALWARE Android/Spy.Agent.DF Checkin (mobile_malware.rules)
  2809115 - ETPRO MOBILE_MALWARE Android/Spy.Agent.DF Checkin 2 (mobile_malware.rules)
  2809116 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.qe Checkin (mobile_malware.rules)
  2809117 - ETPRO TROJAN Win32.Scar.ibrb Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2013197 - ET TROJAN Win32.Genome Download.php HTTP Request (trojan.rules)
  2018964 - ET TROJAN Variant.Strictor Dropper (trojan.rules)

 [---]         Removed rules:         [---]

  2809020 - ETPRO MALWARE RDN/Spybot.bfr (malware.rules)