[Emerging-updates] Daily Ruleset Update Summary 2015/01/12

Francis Trudeau ftrudeau at emergingthreats.net
Mon Jan 12 22:17:18 EST 2015


 [***] Summary: [***]

 18 new Open signatures, 27 new Pro (18 + 9).  Skeleton Key malware,
Hong Kong SWC Attack, Brontok.

 Thanks:  Steven Bairstow and @DragonThreatLab.

 [+++]          Added rules:          [+++]

 Open:

  2020162 - ET TROJAN Linux/DDoS.M JUNK command (trojan.rules)
  2020163 - ET TROJAN Linux/DDoS.M GETLOCALIP command (trojan.rules)
  2020164 - ET TROJAN Linux/DDoS.M SCANNER command (trojan.rules)
  2020165 - ET TROJAN Linux/DDoS.M KILLATTK command (trojan.rules)
  2020166 - ET TROJAN Linux/DDoS.M LOLNOGTFO command (trojan.rules)
  2020167 - ET TROJAN Linux/DDoS.M Admin console status (trojan.rules)
  2020168 - ET TROJAN Win32/Spy.Obator .onion Proxy Domain (trojan.rules)
  2020169 - ET TROJAN Hong Kong SWC Attack PcClient CnC Beacon (trojan.rules)
  2020170 - ET TROJAN Possible Office Doc with Embedded VBA containing Reverse Meterpreter Shell (trojan.rules)
  2020171 - ET TROJAN Hong Kong SWC Attack DNS Lookup (aoemvp.com) (trojan.rules)
  2020172 - ET TROJAN Known Sinkhole Response Header CERT.PL (trojan.rules)
  2020173 - ET TROJAN Skeleton Key Filename in SMB Traffic (ASCII) (trojan.rules)
  2020174 - ET TROJAN Skeleton Key Filename in SMB Traffic (ASCII) (trojan.rules)
  2020175 - ET TROJAN Skeleton Key Filename in SMB Traffic (ASCII) (trojan.rules)
  2020176 - ET TROJAN Skeleton Key Filename in SMB Traffic (Unicode) (trojan.rules)
  2020177 - ET TROJAN Skeleton Key Filename in SMB Traffic (Unicode) (trojan.rules)
  2020178 - ET TROJAN Skeleton Key Filename in SMB Traffic (Unicode) (trojan.rules)
  2020179 - ET TROJAN Brontok User-Agent Detected (Rivest) (trojan.rules)

 Pro:

  2809475 - ETPRO MOBILE_MALWARE Android/FakeApp.X Checkin (mobile_malware.rules)
  2809476 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.BP Checkin (mobile_malware.rules)
  2809477 - ETPRO TROJAN Backdoor.Win32.DarkKomet.emda .onion Proxy Domain (trojan.rules)
  2809481 - ETPRO ATTACK_RESPONSE MongoDB REST Info Response (attack_response.rules)
  2809482 - ETPRO TROJAN Win32/Filecoder Variant .onion Proxy Domain (trojan.rules)
  2809483 - ETPRO TROJAN Win32.Zbot.tykx .onion Proxy Domain (trojan.rules)
  2809484 - ETPRO TROJAN Trojan-Banker.Win32.AutoIt.dp Checkin (trojan.rules)
  2809485 - ETPRO TROJAN Blitz CMS Community SQLi Request (trojan.rules)
  2809486 - ETPRO TROJAN Win32.Sysn Variant Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2019242 - ET TROJAN Linux/DDoS.M distributed via CVE-2014-6271 Checkin (trojan.rules)
  2019752 - ET CURRENT_EVENTS Possible Sweet Orange CVE-2014-6332 Payload Request (current_events.rules)
  2019837 - ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide) (web_client.rules)
  2019894 - ET CURRENT_EVENTS Probable malicious download from e-mail link /1.php (current_events.rules)
  2019952 - ET TROJAN Bedep Checkin Response (trojan.rules)
  2806829 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Fav.a Checkin (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2014745 - ET CURRENT_EVENTS Blackhole Try Prototype Catch May 11 2012 (current_events.rules)
  2015027 - ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 3 (current_events.rules)
