[Emerging-updates] Daily Ruleset Update Summary 2015/01/19

Francis Trudeau ftrudeau at emergingthreats.net
Mon Jan 19 18:14:30 EST 2015


 [***] Summary: [***]

 9 new Open signatures, 13 new Pro (9 + 4).  Dyre, vBSEO RCE, Angler, Dalexis.

 Thanks:  @kafeine @EKWatcher and @MalwareMustDie.

 [+++]          Added rules:          [+++]

 Open:

  2020204 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (8) (current_events.rules)
  2020205 - ET TROJAN Possible Mailer Dropped by Dyre SSL Cert (trojan.rules)
  2020206 - ET TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2020208 - ET TROJAN Possible Dalexis Serial Number in SSL Cert (trojan.rules)
  2020209 - ET TROJAN Win32.ChinaZ.DDoSClient Checkin (trojan.rules)
  2020210 - ET TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2020211 - ET POLICY DNS Query to .onion proxy Domain (onion.gq) (policy.rules)
  2020212 - ET CURRENT_EVENTS Upatre Redirector IE Requesting Payload Jan 19 2015 (current_events.rules)
  2020213 - ET TROJAN Critroni Variant .onion Proxy Domain 3 (trojan.rules)

 Pro:

  2809544 - ETPRO EXPLOIT vBSEO Plugin RCE Request Attempt (exploit.rules)
  2809546 - ETPRO TROJAN Linux/Setag.A Variant Checkin (trojan.rules)
  2809547 - ETPRO TROJAN Symmi payload download (trojan.rules)
  2809548 - ETPRO TROJAN Win32.Buzus HTTP Request (trojan.rules)


 [///]     Modified active rules:     [///]

  2016941 - ET TROJAN ISRStealer Checkin (trojan.rules)
  2019763 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Flash Exploit Nov 20 2014 (current_events.rules)
  2019764 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Payload Nov 20 2014 (current_events.rules)
  2019833 - ET TROJAN Possible Dyre SSL Cert (fake state) (trojan.rules)
  2804312 - ETPRO MALWARE NSIS.Adware-BC Install 2 (malware.rules)
  2804608 - ETPRO TROJAN P2P-Worm.Win32.Palevo.bijc INSTALL (trojan.rules)
  2805520 - ETPRO TROJAN Win32/Teazodo.A!dll Checkin (trojan.rules)
  2806181 - ETPRO TROJAN W32/Jorik_Vobfus.KMJ!tr Checkin (trojan.rules)
  2806376 - ETPRO TROJAN Trojan-Spy.Win32.Ambler Checkin (trojan.rules)
  2807271 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.m Checkin (mobile_malware.rules)
  2808629 - ETPRO MALWARE PUP Win32/bmMedia.D Checkin (malware.rules)
  2809487 - ETPRO DOS MS Telnet Service DoS Vulnerability CVE-2015-0014 (dos.rules)
  2809534 - ETPRO TROJAN Linux/Setag.A Checkin (trojan.rules)

