[Emerging-updates] Daily Ruleset Update Summary 2015/01/23

Francis Trudeau ftrudeau at emergingthreats.net
Fri Jan 23 16:10:24 EST 2015


 [***] Summary: [***]

 14 new Open signatures, 16 new Pro (14 + 2).  Dridex, Scieron,
Upatre, Win32/Zemot.

 Thanks:  Kevin Ross, Jack Mott, Nathan Fowler, @kafeine, @EKWatcher,
@jaimeblascob and @abuse_ch

 [+++]          Added rules:          [+++]

 Open:

  2020293 - ET TROJAN W32/Adrom.Backdoor CnC Beacon (trojan.rules)
  2020294 - ET TROJAN W32/Upatre.Downloader Encoded Binary Download Request (trojan.rules)
  2020295 - ET TROJAN Common Upatre Header Structure 3 (trojan.rules)
  2020296 - ET TROJAN Scieron Retrieving Information (trojan.rules)
  2020297 - ET TROJAN Scieron Retrieving Information Response (trojan.rules)
  2020298 - ET TROJAN Win32/Scieron-A UA (HTClient) (trojan.rules)
  2020299 - ET TROJAN Win32/Scieron-A Checkin via HTTP POST (trojan.rules)
  2020301 - ET TROJAN Dridex POST CnC Beacon 2 (trojan.rules)
  2020302 - ET TROJAN Dridex Post Checkin Activity 2 (trojan.rules)
  2020303 - ET TROJAN W32/AGENT.NXNX Checkin 2 (trojan.rules)
  2020304 - ET CURRENT_EVENTS Upatre Redirector Jan 23 2015 (current_events.rules)
  2020305 - ET DOS MC-SQLR Response Outbound Possible DDoS Participation (dos.rules)
  2020306 - ET DOS MC-SQLR Response Inbound Possible DDoS Target (dos.rules)
  2020307 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)

 Pro:

  2809573 - ETPRO TROJAN Win32/Zemot Requesting PE (trojan.rules)
  2809574 - ETPRO TROJAN Mal/Banker-EV CnC Beacon (trojan.rules)


 [///]     Modified active rules:     [///]

  2019964 - ET TROJAN W32/AGENT.NXNX checkin (trojan.rules)
  2020160 - ET CURRENT_EVENTS Upatre IE Redirector Receiving Payload Jan 9 2015 (current_events.rules)
  2020205 - ET TROJAN Possible Mailer Dropped by Dyre SSL Cert (trojan.rules)
  2020212 - ET CURRENT_EVENTS Upatre Redirector IE Requesting Payload Jan 19 2015 (current_events.rules)
  2809564 - ETPRO TROJAN Win32/Zemot Checkin 2 (trojan.rules)

