[Emerging-updates] Daily Ruleset Update Summary 11/20/2014

Francis Trudeau ftrudeau at emergingthreats.net
Thu Nov 20 17:53:16 EST 2014


 [***] Summary: [***]

 16 new Open signatures, 20 new Pro (16 + 4).  CryptoPHP Shell C2,
Bamital, Sweet Orange.

 Thanks:  Kevin Ross, @foxit, @rmkml and @kafeine

 [+++]          Added rules:          [+++]

 Open:

  2019748 - ET WEB_SERVER FOX-SRT - Backdoor - CryptoPHP Shell C2 POST
(web_server.rules)
  2019749 - ET WEB_SERVER FOX-SRT - Backdoor - CryptoPHP Shell C2 POST
(fsockopen) (web_server.rules)
  2019751 - ET CURRENT_EVENTS SweetOrange EK Landing Nov 19 2014
(current_events.rules)
  2019752 - ET CURRENT_EVENTS Possible Sweet Orange CVE-2014-6332
Payload Request (current_events.rules)
  2019753 - ET CURRENT_EVENTS Possible FlashPack (FlashOnly) Payload
Struct Nov 19 2014 (current_events.rules)
  2019754 - ET TROJAN Bamital Connectivity Check (trojan.rules)
  2019755 - ET TROJAN Bamital Headers - Likely CnC Beacon (trojan.rules)
  2019756 - ET TROJAN Bamital Checkin (trojan.rules)
  2019757 - ET TROJAN Bamital Checkin Response 1 (trojan.rules)
  2019758 - ET TROJAN Bamital Checkin Response 2 (trojan.rules)
  2019759 - ET TROJAN Win32/Zemot Requesting PE (trojan.rules)
  2019760 - ET TROJAN Rerdom/Asprox CnC Beacon (trojan.rules)
  2019761 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Nov 20
2014 (current_events.rules)
  2019762 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Nov 20
2014 (current_events.rules)
  2019763 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Flash Exploit
Nov 20 2014 (current_events.rules)
  2019764 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Payload Nov 20
2014 (current_events.rules)

 Pro:

  2809224 - ETPRO WEB_SPECIFIC_APPS Paid Memberships Pro 1.7.14.2 Path
Traversal Attempt (web_specific_apps.rules)
  2809225 - ETPRO TROJAN Win32/Garveep.E Checkin (trojan.rules)
  2809226 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ak
Checkin (mobile_malware.rules)
  2809227 - ETPRO TROJAN Win32/Joviddy.A Checkin via IRC (trojan.rules)


 [///]     Modified active rules:     [///]

  2808289 - ETPRO TROJAN Win32/Necurs Common POST Header Structure
(trojan.rules)
  2808986 - ETPRO WEB_CLIENT Possible malformed disk image transfer
CVE-2014-4115 (web_client.rules)


 [---]         Removed rules:         [---]

  2809079 - ETPRO TROJAN Win32/Zemot Requesting PE (trojan.rules)

