[Emerging-updates] Daily Ruleset Update Summary 2015/01/22

Francis Trudeau ftrudeau at emergingthreats.net
Thu Jan 22 19:16:24 EST 2015


 [***] Summary: [***]

 56 new Open signatures, 66 new Pro (56 + 10).  Scieron, CryptoWall,
Inception APT, ArticleFR CMS vulns.

 Thanks:  pckthck, Jack Mott, Balasubramaniam Natarajan, Jake Warren,
Pierre Schweitzer, @EKWatcher, @jaimeblascob, @rmkml.

 [+++]          Added rules:          [+++]

  2020237 - ET TROJAN Inception APT malware (trojan.rules)
  2020238 - ET MALWARE PUP.Win32.BoBrowser User-Agent (LogEvents) (malware.rules)
  2020239 - ET MALWARE PUP.Win32.BoBrowser User-Agent (VersionDwl) (malware.rules)
  2020240 - ET MALWARE PUP.Win32.BoBrowser User-Agent (BoBrowser) (malware.rules)
  2020241 - ET TROJAN Backdoor.TurlaCarbon.A C2 HTTP Request (trojan.rules)
  2020242 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
  2020243 - ET TROJAN Scieron Possible SSL Cert (trojan.rules)
  2020244 - ET TROJAN Scieron DNS Lookup (apple.dynamic-dns.net) (trojan.rules)
  2020245 - ET TROJAN Scieron DNS Lookup (autocar.ServeUser.com) (trojan.rules)
  2020246 - ET TROJAN Scieron DNS Lookup (blackblog.chatnook.com) (trojan.rules)
  2020247 - ET TROJAN Scieron DNS Lookup (bulldog.toh.info) (trojan.rules)
  2020248 - ET TROJAN Scieron DNS Lookup (cew58e.xxxy.info) (trojan.rules)
  2020249 - ET TROJAN Scieron DNS Lookup (coastnews.darktech.org) (trojan.rules)
  2020250 - ET TROJAN Scieron DNS Lookup (demon.4irc.com) (trojan.rules)
  2020251 - ET TROJAN Scieron DNS Lookup (dynamic.ddns.mobi) (trojan.rules)
  2020252 - ET TROJAN Scieron DNS Lookup (expert.4irc.com) (trojan.rules)
  2020253 - ET TROJAN Scieron DNS Lookup (football.mrbasic.com) (trojan.rules)
  2020254 - ET TROJAN Scieron DNS Lookup (gjjb.flnet.org) (trojan.rules)
  2020255 - ET TROJAN Scieron DNS Lookup (imirnov.ddns.info) (trojan.rules)
  2020256 - ET TROJAN Scieron DNS Lookup (jingnan88.chatnook.com) (trojan.rules)
  2020257 - ET TROJAN Scieron DNS Lookup (lehnjb.epac.to) (trojan.rules)
  2020258 - ET TROJAN Scieron DNS Lookup (logoff.25u.com) (trojan.rules)
  2020259 - ET TROJAN Scieron DNS Lookup (logoff.ddns.info) (trojan.rules)
  2020260 - ET TROJAN Scieron DNS Lookup (ls910329.my03.com) (trojan.rules)
  2020261 - ET TROJAN Scieron DNS Lookup (mailru.25u.com) (trojan.rules)
  2020262 - ET TROJAN Scieron DNS Lookup (Markshell.etowns.net) (trojan.rules)
  2020263 - ET TROJAN Scieron DNS Lookup (mydear.ddns.info) (trojan.rules)
  2020264 - ET TROJAN Scieron DNS Lookup (nazgul.zyns.com) (trojan.rules)
  2020265 - ET TROJAN Scieron DNS Lookup (newdyndns.scieron.com) (trojan.rules)
  2020266 - ET TROJAN Scieron DNS Lookup (newoutlook.darktech.org) (trojan.rules)
  2020267 - ET TROJAN Scieron DNS Lookup (photocard.4irc.com) (trojan.rules)
  2020268 - ET TROJAN Scieron DNS Lookup (pricetag.deaftone.com) (trojan.rules)
  2020269 - ET TROJAN Scieron DNS Lookup (rubberduck.gotgeeks.com) (trojan.rules)
  2020270 - ET TROJAN Scieron DNS Lookup (shutdown.25u.com) (trojan.rules)
  2020271 - ET TROJAN Scieron DNS Lookup (sorry.ns2.name) (trojan.rules)
  2020272 - ET TROJAN Scieron DNS Lookup (sskill.b0ne.com) (trojan.rules)
  2020273 - ET TROJAN Scieron DNS Lookup (text-First.flnet.org) (trojan.rules)
  2020274 - ET TROJAN Scieron DNS Lookup (uudog.4pu.com) (trojan.rules)
  2020275 - ET TROJAN Scieron DNS Lookup (will-smith.dtdns.net) (trojan.rules)
  2020276 - ET TROJAN Scieron DNS Lookup (ndcinformation.acmetoy.com) (trojan.rules)
  2020277 - ET TROJAN Scieron DNS Lookup (service.authorizeddns.net) (trojan.rules)
  2020278 - ET TROJAN Scieron DNS Lookup (text-first.trickip.org) (trojan.rules)
  2020279 - ET TROJAN Scieron DNS Lookup (yellowblog.flnet.org) (trojan.rules)
  2020280 - ET TROJAN DNS Query for Suspicious crptarv4hcu24ijv Domain - CryptoWall Domains (trojan.rules)
  2020281 - ET TROJAN DNS Query for Suspicious crptbfoi5i54ubez Domain - CryptoWall Domains (trojan.rules)
  2020282 - ET TROJAN DNS Query for Suspicious crptcj7wd4oaafdl Domain - CryptoWall Domains (trojan.rules)
  2020283 - ET TROJAN DNS Query for Suspicious torwoman.com Domain - Possible CryptoWall Activity (trojan.rules)
  2020284 - ET TROJAN DNS Query for Suspicious tolotor.com Domain - Possible CryptoWall Activity (trojan.rules)
  2020285 - ET TROJAN DNS Query for Suspicious boltotor.com Domain - Possible CryptoWall Activity (trojan.rules)
  2020286 - ET TROJAN DNS Query for Suspicious bonytor2.com Domain - Possible CryptoWall Activity (trojan.rules)
  2020287 - ET TROJAN DNS Query for Suspicious speecostor.com Domain - Possible CryptoWall Activity (trojan.rules)
  2020288 - ET CURRENT_EVENTS Possible Dyre SSL Cert Jan 22 2015 (current_events.rules)
  2020289 - ET CURRENT_EVENTS Possible Dyre SSL Cert Jan 22 2015 (current_events.rules)
  2020290 - ET CURRENT_EVENTS Possible Dyre SSL Cert Jan 22 2015 (current_events.rules)
  2020291 - ET CURRENT_EVENTS Possible Sweet Orange redirection Jan 22 2015 (current_events.rules)
  2020292 - ET TROJAN Generic DNS Query for Suspicious CryptoWall (crpt) Domains (trojan.rules)

 Pro:

  2809563 - ETPRO MOBILE_MALWARE Android.Trojan.Lovespy.D Checkin (mobile_malware.rules)
  2809564 - ETPRO TROJAN Win32/Zemot Checkin 2 (trojan.rules)
  2809565 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AO Checkin 4 (mobile_malware.rules)
  2809566 - ETPRO WEB_SPECIFIC_APPS ArticleFR CMS SQLi Attempt (web_specific_apps.rules)
  2809567 - ETPRO WEB_SPECIFIC_APPS ArticleFR CMS Shell Upload Attempt (web_specific_apps.rules)
  2809568 - ETPRO TROJAN MSIL/Injector.HFA Checkin set (trojan.rules)
  2809569 - ETPRO TROJAN MSIL/Injector.HFA Checkin Response (trojan.rules)
  2809570 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fb Checkin 3 (mobile_malware.rules)
  2809571 - ETPRO CURRENT_EVENTS Waterbug PluginDetect URI Structure (current_events.rules)
  2809572 - ETPRO TROJAN Trojan.Win32.VinSelf.p Malformed Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2003337 - ET MALWARE Suspicious User Agent (Autoupdate) (malware.rules)
  2003449 - ET USER_AGENTS Webbuying.net Spyware Install User-Agent 2 (wb v1.6.4) (user_agents.rules)
  2010513 - ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source) (web_server.rules)
  2010963 - ET WEB_SERVER SELECT USER SQL Injection Attempt in URI (web_server.rules)
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
  2020160 - ET CURRENT_EVENTS Upatre IE Redirector Receiving Payload Jan 9 2015 (current_events.rules)
  2020212 - ET CURRENT_EVENTS Upatre Redirector IE Requesting Payload Jan 19 2015 (current_events.rules)
  2803989 - ETPRO TROJAN Win32/Zegost.L Checkin (trojan.rules)
