Daily Ruleset Update Summary 12/03/2014

[***] Summary: [***]

27 new Open signatures, 34 new Pro (27 + 7). Operation Cleaver, Nuclear EK, Rovnix, Magnitude.

Thanks: Kevin Ross, pckthck, @jaimeblascob.

[+++] Added rules: [+++]

2019847 – ET TROJAN Upatre Common URI Struct Dec 01 2014 (trojan.rules)
2019848 – ET TROJAN Sony Breach Wiper Callout (trojan.rules)
2019849 – ET TROJAN Possible Sony Breach Wiper Malware Download (trojan.rules)
2019850 – ET WEB_CLIENT PDF With Hidden Embedded File (web_client.rules)
2019851 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019852 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019853 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019854 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019855 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019856 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019857 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019858 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019859 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019860 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019861 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019862 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019863 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019864 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019865 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019866 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019867 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019868 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019869 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019870 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019871 – ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019872 – ET CURRENT_EVENTS DRIVEBY Nuclear EK Payload (flowbits set) (current_events.rules)
2019873 – ET CURRENT_EVENTS DRIVEBY Nuclear EK Payload (current_events.rules)

Pro:

2809269 – ETPRO TROJAN Rovnix CnC Beacon (trojan.rules)
2809270 – ETPRO TROJAN Win32/Jadtre.L Connectivity Check (trojan.rules)
2809271 – ETPRO TROJAN Win32.Staser variant Checkin (trojan.rules)
2809272 – ETPRO TROJAN Win32.Staser variant Checkin Response (trojan.rules)
2809273 – ETPRO CURRENT_EVENTS DRIVEBY Magnitude Landing Dec 03 2014 (current_events.rules)
2809274 – ETPRO TROJAN Win32/Belot Checkin (trojan.rules)
2809275 – ETPRO CURRENT_EVENTS DRIVEBY Magnitude IE Exploit Dec 03 2014 (current_events.rules)
[///] Modified active rules: [///]

2019763 – ET CURRENT_EVENTS Job314/Neutrino Reboot EK Flash Exploit Nov 20 2014 (current_events.rules)
2019799 – ET CURRENT_EVENTS Magnitude Flash Exploit (IE) (current_events.rules)
2019833 – ET TROJAN Possible Dyre SSL Cert (fake state) (trojan.rules)
2805989 – ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fakengry.b Checkin 3 (mobile_malware.rules)
2807741 – ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fakengry.b Checkin 2 (mobile_malware.rules)
2809251 – ETPRO TROJAN Win32/Notodar Checkin (trojan.rules)
2809267 – ETPRO TROJAN W32/TinyZBot Connectivity Check (Operation Cleaver) (trojan.rules)
[---] Removed rules: [---]

2809254 – ETPRO TROJAN Upatre Common URI Struct Dec 01 2014 (trojan.rules)

The post Daily Ruleset Update Summary 12/03/2014 appeared first on Emerging Threats.