List: emerging-sigs
Subject: [Emerging-Sigs] Daily Ruleset Update Summary 2015/04/29
From: Francis Trudeau <ftrudeau () emergingthreats ! net>
Date: 2015-04-30 16:57:28
Message-ID: CAA-Ja_6pvtWPK2aW6bzmXyxd02nJw=TRy=_6394bvTS-=XfJQw () mail ! gmail ! com
[***] Summary: [***]
13 new Open signatures, 28 new Pro (13 + 15). CottonCastle/Niteris,
BePush/Kilim, Angler, Linux.Mumblehard.
Thanks: @kafeine.
[+++] Added rules: [+++]
Open:
2020348 - ET TROJAN BePush/Kilim Checkin (trojan.rules)
2020349 - ET TROJAN BePush/Kilim Checkin response (trojan.rules)
2020350 - ET TROJAN BePush/Kilim payload retrieval (trojan.rules)
2021030 - ET TROJAN BePush/Kilim CnC Beacon (trojan.rules)
2021031 - ET TROJAN Malicious SSL Cert (KINS C2) (trojan.rules)
2021032 - ET TROJAN Malicious SSL Cert (KINS C2) (trojan.rules)
2021033 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct April 29 2015 M1 (current_events.rules)
2021034 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct April 29 2015 M2 (current_events.rules)
2021035 - ET CURRENT_EVENTS CottonCastle/Niteris EK Java Exploit URI Struct April 29 2015 (current_events.rules)
2021036 - ET CURRENT_EVENTS CottonCastle/Niteris EK URI Struct April 29 2015 (current_events.rules)
2021037 - ET CURRENT_EVENTS CottonCastle/Niteris EK Payload April 29 2015 (current_events.rules)
2021038 - ET CURRENT_EVENTS CottonCastle/Niteris EK POST Beacon April 29 2015 (current_events.rules)
2021039 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing April 29 2015 (current_events.rules)
Pro:
2810859 - ETPRO TROJAN Linux.Mumblehard Initial Checkin (trojan.rules)
2810861 - ETPRO TROJAN CoinMiner Known malicious stratum authline (12MxiiCgXWwN5FwaFjrs64U1hQH4X2i9fV) (trojan.rules)
2810862 - ETPRO TROJAN CoinMiner Known malicious stratum authline (yezi.2) (trojan.rules)
2810863 - ETPRO CURRENT_EVENTS Angler EK Landing T1 April 29 2015 M1 (current_events.rules)
2810864 - ETPRO CURRENT_EVENTS Angler EK Landing T1 April 29 2015 M2 (current_events.rules)
2810865 - ETPRO CURRENT_EVENTS Angler EK Landing T1 April 29 2015 M3 (current_events.rules)
2810866 - ETPRO CURRENT_EVENTS Angler EK Landing T1 April 29 2015 M4 (current_events.rules)
2810867 - ETPRO CURRENT_EVENTS Angler EK Landing T1 April 29 2015 M5 (current_events.rules)
2810868 - ETPRO CURRENT_EVENTS Angler EK Flash T1 April 29 2015 M2 (current_events.rules)
2810869 - ETPRO CURRENT_EVENTS Angler EK Flash T1 April 29 2015 M3 (current_events.rules)
2810870 - ETPRO CURRENT_EVENTS Angler EK SilverLight T1 April 29 2015 M2 (current_events.rules)
2810871 - ETPRO CURRENT_EVENTS Angler EK Payload T1 April 29 2015 M2 (current_events.rules)
2810872 - ETPRO CURRENT_EVENTS Angler EK Landing T1 April 29 2015 M4 Trans (current_events.rules)
2810873 - ETPRO CURRENT_EVENTS Angler EK Landing T1 April 29 2015 M5 Trans (current_events.rules)
2810874 - ETPRO TROJAN Linux/DDoS.Sotdas Checkin (trojan.rules)
[///] Modified active rules: [///]
2809522 - ETPRO TROJAN Qbot Checkin (trojan.rules)
2810192 - ETPRO TROJAN Linux.DDoS Variant Checkin (trojan.rules)
2810858 - ETPRO CURRENT_EVENTS Angler EK Landing T1 April 28 2015 M3 Trans (current_events.rules)
[---] Removed rules: [---]
2020348 - ET CURRENT_EVENTS Facebook Trojan 2015-01-29 / Symmi variant Checkin (current_events.rules)
2020349 - ET CURRENT_EVENTS Facebook Trojan 2015-01-29 / Symmi variant Checkin response (current_events.rules)
2020350 - ET CURRENT_EVENTS Facebook Trojan 2015-01-29 / Symmi variant payload retrieval (current_events.rules)