[***] Summary: [***]
3 new Open signatures, 12 new Pro (3 + 9). Galaxy Knox RCE, Qhost.Banker, SmsSpy.FS.
Thanks: Jake Warren, Russell Fulton, @rmkml and @kafeine
[+++] Added rules: [+++]
Open:
2019746 – ET POLICY Bitmessage Activity (policy.rules)
2019747 – ET TROJAN ELF_BASHLITE.SMB Dropping Files (trojan.rules)
2019750 – ET WEB_CLIENT Samsung Galaxy Knox Android Browser RCE smdm attempt (web_client.rules)
Pro:
2809215 – ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Binv.a Checkin (mobile_malware.rules)
2809216 – ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.FS Checkin (mobile_malware.rules)
2809217 – ETPRO TROJAN Win32/Filecoder.DG Checkin (trojan.rules)
2809218 – ETPRO MALWARE PUP Win32/AdWare.Loadshop Checkin (malware.rules)
2809219 – ETPRO TROJAN Win32/Qhost.Banker.PB Checkin – SET (trojan.rules)
2809220 – ETPRO TROJAN Win32/Qhost.Banker.PB Checkin (trojan.rules)
2809221 – ETPRO MOBILE_MALWARE Monitor.AndroidOS.SilTracker.a Checkin (mobile_malware.rules)
2809222 – ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.b Checkin (mobile_malware.rules)
2809223 – ETPRO TROJAN Win32/TrojanDownloader.Autoit.NVF Checkin (trojan.rules)
[///] Modified active rules: [///]
2018448 – ET TROJAN Sefnit Checkin (trojan.rules)
2018449 – ET TROJAN Potential Sefint C2 traffic (from server) (trojan.rules)
2019743 – ET CURRENT_EVENTS SPL2 EK PluginDetect Data Hash Nov 18 2014 (current_events.rules)
The post Daily Ruleset Update Summary 11/19/2014 appeared first on Emerging Threats.
