
Daily Ruleset Update Summary 08/29/2014

[***] Summary: [***]

15 new Open signatures, 30 new Pro (15+15). ScanBox, iBryte, BIG-IP rsync vuln, Archie EK.

Thanks: @jaimeblascob and @kafeine

[+++] Added rules: [+++]

2019084 – ET TROJAN Syrian Malware Checkin (trojan.rules)
2019085 – ET EXPLOIT Metasploit FireFox WebIDL Privileged Javascript Injection (exploit.rules)
2019086 – ET CURRENT_EVENTS Unknown Trojan Dropped by Angler Aug 29 2014 (current_events.rules)
2019087 – ET TROJAN F5 BIG-IP rsync cmi access attempt (trojan.rules)
2019088 – ET TROJAN F5 BIG-IP rsync cmi authorized_keys access attempt (trojan.rules)
2019089 – ET TROJAN F5 BIG-IP rsync cmi authorized_keys successful exfiltration (trojan.rules)
2019090 – ET TROJAN F5 BIG-IP rsync cmi authorized_keys successful upload (trojan.rules)
2019091 – ET EXPLOIT Metasploit Random Base CharCode JS Encoded String (exploit.rules)
2019093 – ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks (current_events.rules)
2019094 – ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks Intial (POST) (current_events.rules)
2019095 – ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks (POST) PluginData (current_events.rules)
2019096 – ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks KeepAlive (current_events.rules)
2019097 – ET CURRENT_EVENTS Archie EK SilverLight URI Struct (current_events.rules)
2019098 – ET CURRENT_EVENTS Archie EK Sending Plugin-Detect Data (current_events.rules)
2019099 – ET CURRENT_EVENTS Possible Archie/Metasploit SilverLight Exploit (current_events.rules)

Pro:

2808696 – ETPRO MALWARE W32/iBryte.Adware Installer Download (malware.rules)
2808697 – ETPRO MOBILE_MALWARE Android/AndroRAT.B Checkin (mobile_malware.rules)
2808698 – ETPRO TROJAN Win32/Paskod.B Downloading Files (trojan.rules)
2808699 – ETPRO TROJAN Win32/KFTC.Downloader Checkin (trojan.rules)
2808700 – ETPRO TROJAN Win32/KFTC.Downloader Checkin 2 (trojan.rules)
2808701 – ETPRO TROJAN Win32.Farfli.gq Requesting data (trojan.rules)
2808702 – ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.IW Checkin (mobile_malware.rules)
2808703 – ETPRO MOBILE_MALWARE Android/DDLight.A Checkin (mobile_malware.rules)
2808704 – ETPRO MALWARE PUP Win32/Adware.MediaFinder Checkin 2 (malware.rules)
2808705 – ETPRO MOBILE_MALWARE Android/SmsSpy.AH Checkin (mobile_malware.rules)
2808706 – ETPRO TROJAN Win32/CoinMiner.SO .exe download 2 (trojan.rules)
2808707 – ETPRO TROJAN Trojan.Keylog!1.9946 Checkin (trojan.rules)
2808708 – ETPRO TROJAN Win32.Farfli Requesting data 2 (trojan.rules)
2808709 – ETPRO TROJAN suspicious X-Mailer (Blat v2) (trojan.rules)
2808710 – ETPRO TROJAN Win32/BrowserPassview sending passwords via SMTP (trojan.rules)

[///] Modified active rules: [///]

2018362 – ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
2018873 – ET TROJAN Tor based locker Ransom Page (trojan.rules)
2019034 – ET CURRENT_EVENTS Possible Upatre SSL Cert dineshuthayakumar.in (current_events.rules)
2801865 – ETPRO TROJAN Backdoor Darkshell Reporting to CnC (trojan.rules)
2805820 – ETPRO MOBILE_MALWARE Android/FkToken.A Checkin (mobile_malware.rules)
2806210 – ETPRO MOBILE_MALWARE AndroidOS/Gappusin.A Checkin (mobile_malware.rules)
2808138 – ETPRO MOBILE_MALWARE Android/Battpatch.A Checkin (mobile_malware.rules)
2808677 – ETPRO MOBILE_MALWARE Android/SMForw.AT Checkin (mobile_malware.rules)
2808678 – ETPRO MOBILE_MALWARE Android/SMForw.AT Checkin 2 (mobile_malware.rules)

[---] Removed rules: [---]

2014153 – ET CURRENT_EVENTS High Orbit Ion Cannon (HOIC) Attack Inbound Generic Detection Double Spaced UA (current_events.rules)
2018976 – ET MALWARE Hoic.zip retrieval (malware.rules)
2018977 – ET MALWARE HOIC with booster outbound (malware.rules)
2018978 – ET WEB_SERVER HOIC with booster inbound (web_server.rules)

 

The post Daily Ruleset Update Summary 08/29/2014 appeared first on Emerging Threats.

