[Emerging-updates] Daily Ruleset Update Summary 11/05/2014

Francis Trudeau ftrudeau at emergingthreats.net
Wed Nov 5 19:35:54 EST 2014


 [***] Summary: [***]

 15 new Open signatures, 18 new Pro.  Archie EK, Fiesta EK, Dyre.

 Thanks:  Kevin Ross, Jake Warren, @EKWatcher, @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2019644 - ET TROJAN Shellshock Backdoor.Perl.Shellbot.F retrieval (trojan.rules)
  2019645 - ET TROJAN Bedep SSL Cert (trojan.rules)
  2019646 - ET TROJAN Bedep SSL Cert (trojan.rules)
  2019648 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
  2019649 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
  2019650 - ET TROJAN Possible Malicious Attachment With Double Extension Ending In EXE (trojan.rules)
  2019651 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 05 2014 (current_events.rules)
  2019652 - ET CURRENT_EVENTS Win32/Trustezeb.E SSL Cert Nov 05 2014 (current_events.rules)
  2019653 - ET TROJAN Win32/Spy.Banker.ABCG Checkin (trojan.rules)
  2019654 - ET TROJAN Trojan.FakeMS Checkin (trojan.rules)
  2019655 - ET CURRENT_EVENTS Fiesta EK Landing Nov 05 2014 (current_events.rules)
  2019656 - ET CURRENT_EVENTS Archie EK Exploit Flash URI Struct (current_events.rules)
  2019657 - ET CURRENT_EVENTS Archie EK Exploit Flash URI Struct (current_events.rules)
  2019658 - ET CURRENT_EVENTS Archie EK Exploit SilverLight URI Struct (current_events.rules)
  2019659 - ET CURRENT_EVENTS Archie EK Exploit IE URI Struct (current_events.rules)

 Pro:

  2809125 - ETPRO POLICY Meterpreter PHP Relay In Use (hop.php) (policy.rules)
  2809126 - ETPRO TROJAN Win32.Yakes Variant Checkin (trojan.rules)
  2809127 - ETPRO MALWARE PUP.3lsoft Checkin (malware.rules)


 [///]     Modified active rules:     [///]

  2016757 - ET TROJAN W32/Nymaim Checkin (2) (trojan.rules)
  2019115 - ET TROJAN W32/Waterspout.APT Backdoor CnC Beacon (trojan.rules)
  2808141 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.u Checkin 3 (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2008126 - ET ACTIVEX IBiz E-Banking Integrator V2 ActiveX Edition Insecure Method (activex.rules)
  2800699 - ETPRO WEB_CLIENT Apple QuickTime BMP File Handling Heap Overflow (web_client.rules)
  2807711 - ETPRO TROJAN Trojan.FakeMS Checkin (trojan.rules)
  2809031 - ETPRO TROJAN Torrentlocker SSL Cert (trojan.rules)
  2809123 - ETPRO TROJAN Backdoor.Win32.Waterspout.A Checkin (trojan.rules)

