[Emerging-updates] [Emerging-Sigs] Daily Ruleset Update Summary 2015/01/14

Francis Trudeau ftrudeau at emergingthreats.net
Mon Jan 19 16:23:50 EST 2015


Jagadeesh, I talked to some folks here; the docs were being messed up
by an old script that assumed they would always be 201xxxx.

It should be fixed now, let me know if you see the things you need.

Thanks,

Francis



On Sun, Jan 18, 2015 at 9:46 PM, JKSG <jkadeesh at yahoo.com> wrote:
> Folks,
>
> Not sure whether I am missing some information - Accessed http://doc.emergingthreats.net/bin/view/Main/WebTopicList and there too, I do NOT find any entries later than 2019999 (for example, I do not find any info for the recent rule 2020197, either in the index or through search).  Could you please help?
>
> Advance Thanks and Regards,
> Jagadeesh. P
>
> -----Original Message-----
> From: JKSG [mailto:jkadeesh at yahoo.com]
> Sent: Friday, January 16, 2015 10:32 AM
> To: 'Francis Trudeau'; 'Emerging Sigs'; 'Emerging-updates redirect'
> Subject: RE: [Emerging-Sigs] Daily Ruleset Update Summary 2015/01/14
>
> Tried to check the details of 2020181 using http://doc.emergingthreats.net/bin/view/Main/2020181 but did not get any results.  Same goes with other Open entries too.  Doing a manual search also did not reveal any information.
>
> Am I using any wrong method to look for the data specific to these new Open rules?  Thank you in advance for your help on this.
>
> -----Original Message-----
> From: Francis Trudeau [mailto:ftrudeau at emergingthreats.net]
> Sent: Thursday, January 15, 2015 4:30 AM
> To: Emerging Sigs; Emerging-updates redirect; ETPro-sigs List
> Subject: [Emerging-Sigs] Daily Ruleset Update Summary 2015/01/14
>
>  [***] Summary: [***]
>
>  7 new Open signatures, 13 new Pro (7 + 6).  KOVTER.B, Koler.D, Rovnix.J.
>
>  Thanks:  Anshuman Anil Deshmukh, Russell Fulton, @EKWatcher, @kafeine and @abuse_ch.
>
>  [+++]          Added rules:          [+++]
>
>  Open:
>
>   2020181 - ET TROJAN WIN32/KOVTER.B Checkin (trojan.rules)
>   2020182 - ET TROJAN Cryptowall 3.0 .onion Proxy Domain (trojan.rules)
>   2020183 - ET POLICY DNS Query to .onion proxy Domain (torforall.com) (policy.rules)
>   2020184 - ET POLICY DNS Query to .onion proxy Domain (torman2.com) (policy.rules)
>   2020185 - ET POLICY DNS Query to .onion proxy Domain (torwoman.com) (policy.rules)
>   2020186 - ET POLICY DNS Query to .onion proxy Domain (torroadsters.com) (policy.rules)
>   2020187 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
>
>  Pro:
>
>   2809513 - ETPRO MOBILE_MALWARE Android.Trojan.Koler.D HTTP Checkin (mobile_malware.rules)
>   2809514 - ETPRO MALWARE InstallIQ Installer HTTP Checkin (malware.rules)
>   2809515 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.en Checkin (mobile_malware.rules)
>   2809516 - ETPRO TROJAN Win32/Rovnix.J Checkin 2 (trojan.rules)
>   2809517 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.SD Checkin 2 (mobile_malware.rules)
>   2809518 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.az Checkin 2 (mobile_malware.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   2019952 - ET TROJAN Bedep Checkin Response (trojan.rules)
>   2806158 - ETPRO MOBILE_MALWARE Android/Agent.KA!tr Checkin (mobile_malware.rules)
>   2809454 - ETPRO MALWARE Adware.iBryte.B Install POST Request (malware.rules)
>
>
>  [---]         Removed rules:         [---]
>
>   2403365 - ET CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules)
>   2806847 - ETPRO TROJAN WIN32/KOVTER.B Checkin (trojan.rules)
>
>

