[***] Summary: [***]
8 new Open signatures, 14 new Pro (8+6). Dyre, CVE-2014-6271, Flashpack, Bredolap/Rebhip/Bifrose, Win32.TrojanDropper.
Thanks: @EKwatcher and @kafeine.
[+++] Added rules: [+++]
Open:
2019318 – ET MOBILE_MALWARE Android/Code4hk.A Checkin (mobile_malware.rules)
2019319 – ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 30 2014 (current_events.rules)
2019320 – ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 30 2014 (current_events.rules)
2019321 – ET CURRENT_EVENTS Upatre redirector 29 Sept 2014 – POST (current_events.rules)
2019322 – ET EXPLOIT Possible OpenVPN CVE-2014-6271 attempt (exploit.rules)
2019323 – ET EXPLOIT Possible OpenVPN CVE-2014-6271 attempt (exploit.rules)
2019324 – ET CURRENT_EVENTS suspicious embedded zip file in web page (current_events.rules)
2019325 – ET CURRENT_EVENTS Flashpack Redirect Method 3 (current_events.rules)
Pro:
2808915 – ETPRO TROJAN Trojan.FakeAlert.CAF Checkin (trojan.rules)
2808916 – ETPRO TROJAN Bredolap/Rebhip/Bifrose Checkin 2 (trojan.rules)
2808918 – ETPRO MOBILE_MALWARE Android/SMSreg.BI Checkin (mobile_malware.rules)
2808920 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.mj Checkin (mobile_malware.rules)
2808921 – ETPRO TROJAN DDoS.XOR Checkin (trojan.rules)
2808922 – ETPRO TROJAN Win32.TrojanDropper.Startpage.klpp Checkin (trojan.rules)
[///] Modified active rules: [///]
2003437 – ET P2P Ares over UDP (p2p.rules)
2019134 – ET CURRENT_EVENTS Flashpack Redirect Method 2 (current_events.rules)
2808536 – ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Recal.a Checkin (mobile_malware.rules)
2808800 – ETPRO TROJAN Win32.Llac.bbeh downloading files (trojan.rules)
[---] Removed rules: [---]
2007975 – ET TROJAN Common Downloader Trojan Checkin (trojan.rules)
2008344 – ET TROJAN Suspicious User-Agent (DownloadNetFile) (trojan.rules)
The post Daily Ruleset Update Summary 09/30/2014 appeared first on Emerging Threats.