[Emerging-updates] Daily Ruleset Update Summary 2015/01/21

Francis Trudeau ftrudeau at emergingthreats.net
Wed Jan 21 17:22:01 EST 2015


 [***] Summary: [***]

 12 new Open signatures, 17 new Pro (12 + 5).  CryptoWall, Critroni/CMS, Various Android.

 Thanks:  pckthck, tdzmont, Young Jack Mott, @kafeine, @EKWatcher and @rmkml.

 [+++]          Added rules:          [+++]

 Open:

  2020222 - ET TROJAN Win32/Nitol.A Checkin 2 (trojan.rules)
  2020223 - ET TROJAN Known Sinkhole Response abuse.ch (trojan.rules)
  2020224 - ET CURRENT_EVENTS Possible Successful Phishing Attempt Jan 20 2015 (current_events.rules)
  2020226 - ET TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2020228 - ET TROJAN DNS Query for Suspicious proxy1-1-1.i2p Domain - Possible CryptoWall Activity (trojan.rules)
  2020229 - ET TROJAN DNS Query for Suspicious proxy2-2-2.i2p Domain - Possible CryptoWall Activity (trojan.rules)
  2020230 - ET TROJAN DNS Query for Suspicious proxy3-3-3.i2p Domain - Possible CryptoWall Activity (trojan.rules)
  2020231 - ET TROJAN DNS Query for Suspicious proxy4-4-4.i2p Domain - Possible CryptoWall Activity (trojan.rules)
  2020232 - ET TROJAN DNS Query for Suspicious proxy5-5-5.i2p Domain - Possible CryptoWall Activity (trojan.rules)
  2020233 - ET TROJAN CryptoWall CryptoWall 3.0 Check-in (trojan.rules)
  2020235 - ET TROJAN Mazilla Suspicious User-Agent Jan 15 2015 (trojan.rules)

 Pro:

  2809558 - ETPRO MALWARE PUP.Win32.Spigot Checkin (malware.rules)
  2809559 - ETPRO MOBILE_MALWARE Android.Adware.NoiconAds.A Checkin (mobile_malware.rules)
  2809560 - ETPRO MOBILE_MALWARE Android.Adware.NoiconAds.A Checkin 2 (mobile_malware.rules)
  2809561 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
  2809562 - ETPRO WEB_SPECIFIC_APPS INVEM CMS SQLi Attempt (web_specific_apps.rules)


 [///]     Modified active rules:     [///]

  2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
  2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
  2809273 - ETPRO CURRENT_EVENTS DRIVEBY Magnitude Landing Dec 03 2014 (current_events.rules)


 [---]         Removed rules:         [---]

  2802186 - ETPRO TROJAN Dropper.Generic2.OXR Checkin (trojan.rules)
  2807591 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)

