[Emerging-updates] Daily Ruleset Update Summary 2015/01/20

Francis Trudeau ftrudeau at emergingthreats.net
Tue Jan 20 17:25:22 EST 2015


 [***] Summary: [***]

 [+++]          Added rules:          [+++]

 8 new Open signatures, 17 new Pro (8 + 9).  PCRat/Gh0st, ABUSE.CH SSL
Blacklist certs, various AndroidOS.

 Thanks:  @MalwareMustDie and @abuse_ch.

 Open:

  2020214 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 44 (trojan.rules)
  2020215 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 5
(trojan.rules)
  2020216 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (URLzone CnC) (trojan.rules)
  2020217 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2020218 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2020219 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020220 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020221 - ET WEB_SPECIFIC_APPS WP Generic revslider Arbitrary File
Download (web_specific_apps.rules)

 Pro:

  2809549 - ETPRO MALWARE PUP Win32.Systweak.K Retrieving External IP
(malware.rules)
  2809550 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.fa Checkin
(mobile_malware.rules)
  2809551 - ETPRO TROJAN WIN.TROJAN.TWERKET Checkin (trojan.rules)
  2809552 - ETPRO MOBILE_MALWARE Android Backdoor PoisonCake Checkin
(mobile_malware.rules)
  2809553 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dianru.A Checkin
(mobile_malware.rules)
  2809554 - ETPRO MOBILE_MALWARE Android.Trojan.Kysn.A Checkin
(mobile_malware.rules)
  2809555 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a
Checkin 10 (mobile_malware.rules)
  2809556 - ETPRO MALWARE PUP.Win32.InstallCore.BG Checkin (malware.rules)
  2809557 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.JW Checkin
(mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2019201 - ET TROJAN Backdoor.Win32/PcClient.AA Checkin (trojan.rules)
  2019733 - ET EXPLOIT Possible Internet Explorer VBscript failure to
handle error case information disclosure CVE-2014-6332 Common Function
Name (exploit.rules)
  2020205 - ET TROJAN Possible Mailer Dropped by Dyre SSL Cert (trojan.rules)
  2805492 - ETPRO TROJAN Backdoor.Win32.A.Hupigon.78292 UPX (trojan.rules)
  2808884 - ETPRO MALWARE PUA.Kuaiba Checkin (malware.rules)

