Daily Ruleset Update Summary 10/08/2014

[***] Summary: [***]

13 new Open signatures, 19 new Pro (13+6): Sednit EK, Various Android, Bugzilla vulns.

Thanks: ESET, Jake Warren, @rmkml, @ekse0x, @abuse_ch.

[+++] Added rules: [+++]

Open:

2019363 – ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019364 – ET WEB_SPECIFIC_APPS Bugzilla token.cgi HPP e-mail validation bypass Attempt URI (web_specific_apps.rules)
2019365 – ET WEB_SPECIFIC_APPS Bugzilla token.cgi HPP e-mail validation bypass Attempt Client Body (web_specific_apps.rules)
2019366 – ET POLICY 2Downloadz.com File Sharing User-Agent (policy.rules)
2019367 – ET CURRENT_EVENTS DRIVEBY Sednit EK Landing (current_events.rules)
2019368 – ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M1 (current_events.rules)
2019369 – ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M2 (current_events.rules)
2019370 – ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M3 (current_events.rules)
2019371 – ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-1347 M1 (current_events.rules)
2019372 – ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-1347 M2 (current_events.rules)
2019373 – ET CURRENT_EVENTS DRIVEBY Generic CollectGarbage in JJEncode (Observed in Sednit) (current_events.rules)
2019374 – ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-3897 M1 (current_events.rules)
2019375 – ET CURRENT_EVENTS Possible Sweet Orange redirection Oct 8 2014 (current_events.rules)

Pro:

2808953 – ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.DU Checkin (mobile_malware.rules)
2808954 – ETPRO MOBILE_MALWARE AndroidOS.GoldDream.U Checkin (mobile_malware.rules)
2808955 – ETPRO MOBILE_MALWARE Android/Ksapp.L Checkin (mobile_malware.rules)
2808956 – ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Helir.f Checkin (mobile_malware.rules)
2808957 – ETPRO MOBILE_MALWARE Trojan.Android.Leadbolt.B Checkin (mobile_malware.rules)
2808958 – ETPRO TROJAN Backdoor.Cakwerd Dropping Files (trojan.rules)

[///] Modified active rules: [///]

2015835 – ET TROJAN Smoke Loader C2 Response (trojan.rules)
2019338 – ET CURRENT_EVENTS DRIVEBY Generic CollectGarbage in Hex (current_events.rules)
2806259 – ETPRO MOBILE_MALWARE Android/Joye.A Checkin (mobile_malware.rules)
2807579 – ETPRO TROJAN Backdoor/Win32.Hupigon Checkin (trojan.rules)
2808697 – ETPRO MOBILE_MALWARE Android/AndroRAT.B Checkin (mobile_malware.rules)
2808805 – ETPRO TROJAN Win32/Cendelf.gen!A checkin (trojan.rules)

[---] Removed rules: [---]

2019362 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 42 (trojan.rules)

The post Daily Ruleset Update Summary 10/08/2014 appeared first on Emerging Threats.

