[Emerging-updates] Daily Ruleset Update Summary 2016/08/02

Francis Trudeau ftrudeau at emergingthreats.net
Tue Aug 2 19:31:08 EDT 2016


 [***] Summary: [***]

 16 new Open sigs, 53 new Pro (16 + 37).  Cool.



 [+++]          Added rules:          [+++]

 Open:

  2022999 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
  2023000 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
  2023001 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
  2023002 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
  2023003 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
  2023004 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
  2023005 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (ZeuS CnC) (trojan.rules)
  2023006 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
  2023007 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
  2023008 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (trojan.rules)
  2023009 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
  2023010 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (trojan.rules)
  2023011 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader.Pony CnC) (trojan.rules)
  2023012 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (trojan.rules)
  2023013 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules)
  2023014 - ET WEB_CLIENT Metasploit Browser Autopwn Aug1 2016 (web_client.rules)

 Pro:

  2821412 - ETPRO TROJAN PoisonIvy Keepalive to CnC 454 (trojan.rules)
  2821413 - ETPRO TROJAN PoisonIvy Keepalive to CnC 455 (trojan.rules)
  2821414 - ETPRO TROJAN PoisonIvy Keepalive to CnC 456 (trojan.rules)
  2821415 - ETPRO TROJAN PoisonIvy Keepalive to CnC 457 (trojan.rules)
  2821416 - ETPRO TROJAN PoisonIvy Keepalive to CnC 458 (trojan.rules)
  2821417 - ETPRO TROJAN PoisonIvy Keepalive to CnC 459 (trojan.rules)
  2821418 - ETPRO TROJAN PoisonIvy Keepalive to CnC 460 (trojan.rules)
  2821419 - ETPRO TROJAN PoisonIvy Keepalive to CnC 461 (trojan.rules)
  2821420 - ETPRO TROJAN PoisonIvy Keepalive to CnC 462 (trojan.rules)
  2821421 - ETPRO TROJAN PoisonIvy Keepalive to CnC 463 (trojan.rules)
  2821422 - ETPRO TROJAN Win32.Phorpiex.A EXE Download (trojan.rules)
  2821423 - ETPRO MOBILE_MALWARE Android.Trojan.AndroRAT.P Checkin (mobile_malware.rules)
  2821424 - ETPRO TROJAN Win32/Daserf CnC Beacon 1 (trojan.rules)
  2821425 - ETPRO TROJAN Win32/Daserf CnC Beacon 2 (trojan.rules)
  2821426 - ETPRO TROJAN Win32/Daserf CnC Beacon 3 (trojan.rules)
  2821427 - ETPRO POLICY DNS Query to .onion proxy Domain (0npzm6.top) (policy.rules)
  2821428 - ETPRO POLICY DNS Query to .onion proxy Domain (0vgu64.top) (policy.rules)
  2821429 - ETPRO POLICY DNS Query to .onion proxy Domain (143h2a.top) (policy.rules)
  2821430 - ETPRO POLICY DNS Query to .onion proxy Domain (1bipa9.top) (policy.rules)
  2821431 - ETPRO POLICY DNS Query to .onion proxy Domain (1de02r.top) (policy.rules)
  2821432 - ETPRO POLICY DNS Query to .onion proxy Domain (1o49wi.top) (policy.rules)
  2821433 - ETPRO POLICY DNS Query to .onion proxy Domain (2agglf.top) (policy.rules)
  2821434 - ETPRO POLICY DNS Query to .onion proxy Domain (308an1.top) (policy.rules)
  2821435 - ETPRO POLICY DNS Query to .onion proxy Domain (36xxk1.top) (policy.rules)
  2821436 - ETPRO POLICY DNS Query to .onion proxy Domain (3di24a.top) (policy.rules)
  2821437 - ETPRO POLICY DNS Query to .onion proxy Domain (3odvfb.top) (policy.rules)
  2821438 - ETPRO POLICY DNS Query to .onion proxy Domain (43wjor.top) (policy.rules)
  2821439 - ETPRO POLICY DNS Query to .onion proxy Domain (4ynpjd.top) (policy.rules)
  2821440 - ETPRO POLICY DNS Query to .onion proxy Domain (62er3d.top) (policy.rules)
  2821441 - ETPRO POLICY DNS Query to .onion proxy Domain (67j6ht.top) (policy.rules)
  2821442 - ETPRO POLICY DNS Query to .onion proxy Domain (6ntrb6.top) (policy.rules)
  2821443 - ETPRO POLICY DNS Query to .onion proxy Domain (7u8b59.top) (policy.rules)
  2821444 - ETPRO POLICY DNS Query to .onion proxy Domain (a4coac.top) (policy.rules)
  2821445 - ETPRO POLICY DNS Query to .onion proxy Domain (ageshere.club) (policy.rules)
  2821446 - ETPRO POLICY DNS Query to .onion proxy Domain (anypicked.red) (policy.rules)
  2821447 - ETPRO TROJAN PoisonIvy Keepalive to CnC 464 (trojan.rules)
  2821449 - ETPRO TROJAN Possible Vawtrack DGA SSL Certificate (trojan.rules)


 [///]     Modified active rules:     [///]

  2803418 - ETPRO TROJAN Suspicious user agent(MERONG) (trojan.rules)
  2819987 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.q Checkin (mobile_malware.rules)
  2820986 - ETPRO TROJAN Backdoor.Muirim CnC Beacon (trojan.rules)


 [---]         Removed rules:         [---]

  2821320 - ETPRO CURRENT_EVENTS ZeusSSL/Terdot.A/Zloader Malicious SSL Cert Observed (current_events.rules)