[Emerging-updates] Daily Ruleset Update Summary 2015/01/16

Francis Trudeau ftrudeau at emergingthreats.net
Fri Jan 16 17:49:30 EST 2015


 [***] Summary: [***]

 7 new Open signatures, 20 new Pro (7 + 13).  Win32/Agobot, Tinba,
Backdoor.Linux.Mayday.

 Thanks:  Vicky Laurens, black_ip, @EKWatcher and @kafeine.

 [+++]          Added rules:          [+++]

 Open:

  2020197 - ET MALWARE W32/iBryte.Adware Installer Download (malware.rules)
  2020198 - ET TROJAN Filename svchost.exe Download - Common Hostile Filename (trojan.rules)
  2020199 - ET TROJAN Filename explorer.exe Download - Common Hostile Filename (trojan.rules)
  2020200 - ET TROJAN Filename hkcmd.exe Download - Common Hostile Filename (trojan.rules)
  2020201 - ET TROJAN Filename server.exe Download - Common Hostile Filename (trojan.rules)
  2020202 - ET POLICY Terse Named Filename EXE Download - Possibly Hostile (policy.rules)
  2020203 - ET TROJAN Win32/Zeprox.B Checkin (trojan.rules)

 Pro:

  2809531 - ETPRO TROJAN Likely Win32/Agobot Large POST to Legit Website (trojan.rules)
  2809532 - ETPRO TROJAN Possible Tinba DGA NXDOMAIN Responses (3) (trojan.rules)
  2809533 - ETPRO TROJAN Tinba Checkin 2 (trojan.rules)
  2809534 - ETPRO TROJAN Linux/Setag.A Checkin (trojan.rules)
  2809535 - ETPRO TROJAN Win32/Kanav Checkin (trojan.rules)
  2809536 - ETPRO TROJAN Backdoor.Linux.Mayday Checkin (trojan.rules)
  2809537 - ETPRO TROJAN Linux/Setag.C Checkin (trojan.rules)
  2809538 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A Checkin 2 (mobile_malware.rules)
  2809539 - ETPRO MALWARE Adware.Win32.Itva HTTP Request (malware.rules)
  2809540 - ETPRO TROJAN Win32/StreamFlaw.A Checkin (trojan.rules)
  2809541 - ETPRO MALWARE PUP DomainIQ Checkin (malware.rules)
  2809542 - ETPRO TROJAN Virus.Win32.Part.c Checkin (trojan.rules)
  2809543 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Authenticated XXE Attempt (exploit.rules)


 [///]     Modified active rules:     [///]

  2019168 - ET TROJAN Tinba Checkin (trojan.rules)
  2019201 - ET TROJAN Backdoor.Win32/PcClient.AA Checkin (trojan.rules)
  2020180 - ET CURRENT_EVENTS Nuclear EK Landing Jan 14 2014 (current_events.rules)
  2808661 - ETPRO MALWARE Adware.Win32.Midia.A Checkin (malware.rules)
  2809527 - ETPRO TROJAN Infostealer.Gamania Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2806019 - ETPRO TROJAN Win32/Zeprox.B Checkin (trojan.rules)
  2808696 - ETPRO MALWARE W32/iBryte.Adware Installer Download (malware.rules)
  2808739 - ETPRO TROJAN Backdoor.Linux.Ganiw.a C2 (trojan.rules)

