[Emerging-updates] Daily Ruleset Update Summary 2015/01/07

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Jan 7 19:13:37 EST 2015


  [+++]          Summary:          [+++]

 54 new Open. 59 New Pro (54/5). SSL Blacklist, .onion Proxies, Dridex,
etc. tks @kafeine, @abuse_ch, @EKwatcher.

 [+++]          Added rules:          [+++]

  2020104 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Malware CnC) (trojan.rules)
  2020105 - ET POLICY Possible IP Check ip-addr.es (policy.rules)
  2020106 - ET POLICY Possible IP Check curlmyip.com (policy.rules)
  2020107 - ET POLICY DNS Query to .onion proxy Domain (bladetor.com) (policy.rules)
  2020108 - ET POLICY DNS Query to .onion proxy Domain (bonytor.com) (policy.rules)
  2020109 - ET POLICY DNS Query to .onion proxy Domain (bortor.com) (policy.rules)
  2020110 - ET POLICY DNS Query to .onion proxy Domain (browsetor.com) (policy.rules)
  2020111 - ET POLICY DNS Query to .onion proxy Domain (door2tor.org) (policy.rules)
  2020112 - ET POLICY DNS Query to .onion proxy Domain (enter2tor.com) (policy.rules)
  2020113 - ET POLICY DNS Query to .onion proxy Domain (jamator.com) (policy.rules)
  2020114 - ET POLICY DNS Query to .onion proxy Domain (onion2web.com) (policy.rules)
  2020115 - ET POLICY DNS Query to .onion proxy Domain (onion.lt) (policy.rules)
  2020116 - ET POLICY DNS Query to .onion proxy Domain (onion.to) (policy.rules)
  2020117 - ET POLICY DNS Query to .onion proxy Domain (pay2tor.com) (policy.rules)
  2020118 - ET POLICY DNS Query to .onion proxy Domain (pay4tor.com) (policy.rules)
  2020119 - ET POLICY DNS Query to .onion proxy Domain (payrobotor.com) (policy.rules)
  2020120 - ET POLICY DNS Query to .onion proxy Domain (poltornik.com) (policy.rules)
  2020121 - ET POLICY DNS Query to .onion proxy Domain (slavetor.com) (policy.rules)
  2020122 - ET POLICY DNS Query to .onion proxy Domain (tanktor.com) (policy.rules)
  2020123 - ET POLICY DNS Query to .onion proxy Domain (tor2pay.com) (policy.rules)
  2020124 - ET POLICY DNS Query to .onion proxy Domain (tor2www.com) (policy.rules)
  2020125 - ET POLICY DNS Query to .onion proxy Domain (tor4life.com) (policy.rules)
  2020126 - ET POLICY DNS Query to .onion proxy Domain (tor4pay.com) (policy.rules)
  2020127 - ET POLICY DNS Query to .onion proxy Domain (toralpacho.com) (policy.rules)
  2020128 - ET POLICY DNS Query to .onion proxy Domain (torbama.com) (policy.rules)
  2020129 - ET POLICY DNS Query to .onion proxy Domain (torchek.com) (policy.rules)
  2020130 - ET POLICY DNS Query to .onion proxy Domain (torexplorer.com) (policy.rules)
  2020131 - ET POLICY DNS Query to .onion proxy Domain (torforlove.com) (policy.rules)
  2020132 - ET POLICY DNS Query to .onion proxy Domain (torjam.com) (policy.rules)
  2020133 - ET POLICY DNS Query to .onion proxy Domain (torminater.com) (policy.rules)
  2020134 - ET POLICY DNS Query to .onion proxy Domain (torpacho.com) (policy.rules)
  2020135 - ET POLICY DNS Query to .onion proxy Domain (torpaycash.com) (policy.rules)
  2020136 - ET POLICY DNS Query to .onion proxy Domain (torpaycnf.com) (policy.rules)
  2020137 - ET POLICY DNS Query to .onion proxy Domain (torpayeur.com) (policy.rules)
  2020138 - ET POLICY DNS Query to .onion proxy Domain (torpayusd.com) (policy.rules)
  2020139 - ET POLICY DNS Query to .onion proxy Domain (torprivatebrowsing.org) (policy.rules)
  2020140 - ET POLICY DNS Query to .onion proxy Domain (torsanctions.com) (policy.rules)
  2020141 - ET POLICY DNS Query to .onion proxy Domain (torsona.com) (policy.rules)
  2020142 - ET POLICY DNS Query to .onion proxy Domain (torvsusd.com) (policy.rules)
  2020143 - ET POLICY DNS Query to .onion proxy Domain (torwild.com) (policy.rules)
  2020144 - ET POLICY DNS Query to .onion proxy Domain (torwinner.com) (policy.rules)
  2020145 - ET POLICY DNS Query to .onion proxy Domain (totortoweb.com) (policy.rules)
  2020146 - ET POLICY DNS Query to .onion proxy Domain (vtorchike.com) (policy.rules)
  2020147 - ET POLICY DNS Query to .onion proxy Domain (walterwtor.com) (policy.rules)
  2020148 - ET CURRENT_EVENTS MS Office Macro Dridex Download URI Jan 7 2015 (current_events.rules)
  2020149 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
  2020150 - ET TROJAN Unknown Downloader Checkin x86 (trojan.rules)
  2020151 - ET TROJAN Unknown Downloader Checkin x64 (trojan.rules)
  2020152 - ET TROJAN Unknown Downloader Sending UUID and Processes x86 (trojan.rules)
  2020153 - ET TROJAN Unknown Downloader Sending UUID and Processes x64 (trojan.rules)
  2020154 - ET TROJAN Win32/Recslurp.D C2 Request (no alert) (trojan.rules)
  2020155 - ET TROJAN Win32/Recslurp.D C2 Response (trojan.rules)
  2020156 - ET TROJAN Win32/Emotet.C Checkin (trojan.rules)
  2020157 - ET TROJAN Win32/Emotet.C Variant Checkin (trojan.rules)

  Pro:
  2809453 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Abmnger.a Checkin (mobile_malware.rules)
  2809454 - ETPRO MALWARE Adware.iBryte.B Install POST Request (malware.rules)
  2809455 - ETPRO TROJAN MSIL/Balamid Checkin via SQL (trojan.rules)
  2809456 - ETPRO TROJAN Backdoor.Win32.Androm.fvcp Checkin (trojan.rules)
  2809457 - ETPRO TROJAN Win32/TrojanDownloader.Autoit Checkin Reply (trojan.rules)


 [///]     Modified active rules:     [///]

  2020102 - ET WEB_SERVER PHP System Command in HTTP POST (web_server.rules)
  2803049 - ETPRO TROJAN Backdoor.Win32.Xlahlah.A Checkin 1 (trojan.rules)
  2806248 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.cabb Checkin (trojan.rules)
  2809352 - ETPRO TROJAN Win32/ChkBot.A IRC Checkin (trojan.rules)