[Emerging-updates] Daily Ruleset Update Summary 2015/01/29

Francis Trudeau ftrudeau at emergingthreats.net
Thu Jan 29 17:14:43 EST 2015


 [***] Summary: [***]

 4 new Open, 22 new Pro signatures (4 + 18).  D-Link DSL-2740R vuln,
SiR-DoOoM, KJw0rm, Citroni/CTB Locker, Kakfum.

 Thanks:  Eoin Miller, Wbbigdave, @rmkml, @abuse_ch, and @spookerlabs.

 [+++]          Added rules:          [+++]

 Open:

  2020329 - ET TROJAN Unknown Mailer CnC Beacon 2 (trojan.rules)
  2020330 - ET TROJAN Unknown Mailer CnC Beacon (trojan.rules)
  2020331 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
  2020332 - ET CURRENT_EVENTS Possible PHISH Dropbox - Landing Page - Title over non SSL (current_events.rules)

 Pro:

  2809624 - ETPRO EXPLOIT D-Link DSL-2740R Remote DNS Change Attempt (exploit.rules)
  2809625 - ETPRO TROJAN VBS/Jenxcus.A Checkin (trojan.rules)
  2809626 - ETPRO TROJAN SiR-DoOoM worm User-Agent (trojan.rules)
  2809627 - ETPRO TROJAN KJw0rm User-Agent (trojan.rules)
  2809628 - ETPRO TROJAN SiR-DoOoM worm CnC Beacon (trojan.rules)
  2809629 - ETPRO TROJAN KJw0rm CnC Beacon (trojan.rules)
  2809630 - ETPRO TROJAN SiR-DoOoM worm CnC Beacon Response (trojan.rules)
  2809631 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809632 - ETPRO MOBILE_MALWARE Android Hideicon Download (mobile_malware.rules)
  2809633 - ETPRO TROJAN Win32/ProxyChanger.EO Receiving Proxy.pac (trojan.rules)
  2809634 - ETPRO EXPLOIT VSAT Sailor 900 Exploit Attempt (exploit.rules)
  2809635 - ETPRO WEB_SPECIFIC_APPS jclassifiedsmanager SQLi Attempt (web_specific_apps.rules)
  2809636 - ETPRO MOBILE_MALWARE Android/Locker.Q Checkin (mobile_malware.rules)
  2809637 - ETPRO TROJAN Kakfum CnC Beacon 1 (trojan.rules)
  2809638 - ETPRO TROJAN Kakfum CnC Beacon 2 (trojan.rules)
  2809639 - ETPRO TROJAN Kakfum Possible DNS Query 1 (trojan.rules)
  2809640 - ETPRO TROJAN Kakfum Possible DNS Query 2 (trojan.rules)
  2809641 - ETPRO TROJAN Kakfum Possible DNS Query 3 (trojan.rules)


 [///]     Modified active rules:     [///]

  2002160 - ET MALWARE CoolWebSearch Spyware (Feat) (malware.rules)
  2014701 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set - Likely Kazy (dns.rules)
  2018277 - ET DOS Possible WordPress Pingback DDoS in Progress (Inbound) (dos.rules)
  2019764 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Payload Nov 20 2014 (current_events.rules)
  2020221 - ET WEB_SPECIFIC_APPS WP Generic revslider Arbitrary File Download (web_specific_apps.rules)
  2020325 - ET EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt (HELO) (exploit.rules)
  2020326 - ET EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt (EHLO) (exploit.rules)
  2020327 - ET WEB_SPECIFIC_APPS Wordpress PingBack Possible GHOST attempt (web_specific_apps.rules)
  2808340 - ETPRO MALWARE PUP Win32/4Shared.U Checkin (malware.rules)
  2808776 - ETPRO TROJAN Win32/ProxyChanger.EO Checkin 2 (trojan.rules)
  2808957 - ETPRO MOBILE_MALWARE Trojan.Android.Leadbolt.B Checkin (mobile_malware.rules)
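The two CVE-2015-0235 (GHOST) Exim rules above, 2020325 and 2020326, are modified in this update. The condition they are looking for follows from the glibc bug itself: gethostbyname() only reaches the overflowing code path when the name is made entirely of digits and dots, starts with a digit, does not end with a dot, and is long enough to overrun the stack buffer, and Exim hands the HELO/EHLO argument to exactly that resolver call when it verifies the greeting. The following Python is an added illustration of that detection logic run over constructed SMTP command lines; it is not the ET rule text and not Exim or glibc code. The 1000-byte threshold and the sample lines are assumptions chosen for the example, not values taken from the rules.

```python
import re

# Assumption for this example: treat a digits-and-dots greeting of 1000+ bytes as an
# attempt. The real overflow length depends on the glibc build; tune for your rule.
GHOST_MIN_LEN = 1000

# SMTP greeting command with a single argument (HELO or EHLO, case-insensitive).
HELO_RE = re.compile(r'^(HELO|EHLO)\s+(\S+)\s*$', re.IGNORECASE)

# GHOST trigger shape: starts with a digit, only digits and dots, ends with a digit
# (a trailing dot takes gethostbyname down a different, non-overflowing path).
DIGITS_DOTS_RE = re.compile(r'^[0-9][0-9.]*[0-9]$')


def is_ghost_helo(line: str, min_len: int = GHOST_MIN_LEN) -> bool:
    """Return True if an SMTP command line looks like a GHOST HELO/EHLO attempt."""
    m = HELO_RE.match(line.strip())
    if not m:
        return False
    arg = m.group(2)
    # A normal dotted-quad IP literal is digits and dots too; length is what separates it.
    return len(arg) >= min_len and DIGITS_DOTS_RE.match(arg) is not None


def scan(lines):
    """Return the indexes of lines that match the GHOST greeting pattern."""
    return [i for i, line in enumerate(lines) if is_ghost_helo(line)]


# Constructed sample of client-side SMTP commands (not real traffic).
SAMPLE_SMTP = [
    "EHLO mail.example.com",            # normal hostname
    "HELO 192.0.2.10",                  # short IP literal: digits/dots but harmless
    "HELO " + "0" * 1200,               # long all-digit greeting
    "MAIL FROM:<alice@example.com>",    # unrelated command
    "EHLO " + "1.2." * 300 + "3",       # long digits-and-dots greeting
    "HELO " + "a" * 1200,               # long but alphabetic: not the GHOST path
]

if __name__ == "__main__":
    for idx in scan(SAMPLE_SMTP):
        cmd = SAMPLE_SMTP[idx].split(None, 1)[0]
        print(f"line {idx}: possible CVE-2015-0235 {cmd} attempt")
```

The length check is what keeps this from alerting on every client that greets with an IP literal; a rule that matched on digits and dots alone would fire on legitimate "HELO 10.0.0.5" greetings constantly.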


 [---]  Disabled and modified rules:  [---]

  2016061 - ET WEB_SPECIFIC_APPS Possible WordpressPingbackPortScanner detected (web_specific_apps.rules)

