[Emerging-updates] Daily Ruleset Update Summary 11/24/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon Nov 24 19:35:26 EST 2014


 [***] Summary: [***]

 19 new Open signatures, 26 new Pro (19 + 6).  CVE-2014-6332,
CVE-2014-7992, CoinLocker, Win32/Spy.Agent.OLF.

 Thanks:  Kevin Ross, pckthck, @abuse_ch and @rmkml.

 [+++]          Added rules:          [+++]

 Open:

  2019778 - ET EXPLOIT DLSw Information Disclosure CVE-2014-7992 (exploit.rules)
  2019780 - ET TROJAN W32/CloudScout CnC Beacon (trojan.rules)
  2019781 - ET CURRENT_EVENTS AOL PHISH PayPal - Creds Phished (current_events.rules)
  2019782 - ET CURRENT_EVENTS AOL PHISH PayPal - Name Address Phished (current_events.rules)
  2019783 - ET CURRENT_EVENTS AOL PHISH PayPal - Credit Card and SSN Phished (current_events.rules)
  2019784 - ET CURRENT_EVENTS AOL PHISH PayPal - Bank Account Phished (current_events.rules)
  2019785 - ET CURRENT_EVENTS AOL PHISH PayPal - Landing Page (current_events.rules)
  2019786 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
  2019787 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
  2019788 - ET TROJAN DNS Query for Suspicious cvredirect.no-ip.net Domain - CoinLocker Domain (trojan.rules)
  2019789 - ET TROJAN HTTP Request to a *.cvredirect.no-ip.net domain - CoinLocker Domain (trojan.rules)
  2019790 - ET TROJAN DNS Query for Suspicious cvredirect.ddns.net Domain - CoinLocker Domain (trojan.rules)
  2019791 - ET TROJAN HTTP Request to a *.cvredirect.ddns.net domain - CoinLocker Domain (trojan.rules)
  2019792 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct URLENCODE (current_events.rules)
  2019793 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct HEX (current_events.rules)
  2019794 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct HEXC (current_events.rules)
  2019795 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct HEXCS (current_events.rules)
  2019796 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct DECC (current_events.rules)
  2019797 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct DECCS (current_events.rules)

 Pro:

  2809235 - ETPRO TROJAN Win32/Blaknight.A Connectivity Check (trojan.rules)
  2809237 - ETPRO TROJAN Win32/Filecoder.NCP .onion Proxy domain lookup (trojan.rules)
  2809238 - ETPRO TROJAN Win32/Spy.Agent.OLF Retrieving CnC IP - SET (trojan.rules)
  2809239 - ETPRO TROJAN Win32/Spy.Agent.OLF Retrieving CnC IP (trojan.rules)
  2809240 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.IS Checkin (mobile_malware.rules)
  2809241 - ETPRO TROJAN Win32/Carberp.B Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2805815 - ETPRO POLICY Internal Host Retrieving External IP via whatismyipaddress.com - Possible Infection (policy.rules)
  2806019 - ETPRO TROJAN Win32/Zeprox.B Checkin (trojan.rules)
  2808035 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.fe Checkin (mobile_malware.rules)


 [---]         Removed rules:         [---]

