[Emerging-updates] Daily Ruleset Update Summary 2016/08/08

Francis Trudeau ftrudeau at emergingthreats.net
Mon Aug 8 18:10:49 EDT 2016


 [***] Summary: [***]

 12 new Open signatures, 47 new Pro (12 + 35).  ProjectSauron Remsec, Pony,
Zeus.

 [+++]          Added rules:          [+++]

 Open:

  2023016 - ET TELNET SUSPICIOUS Path to BusyBox (telnet.rules)
  2023017 - ET TELNET SUSPICIOUS busybox shell (telnet.rules)
  2023018 - ET TELNET SUSPICIOUS busybox enable (telnet.rules)
  2023019 - ET TELNET busybox MIRAI hackers - Possible Brute Force Attack
(telnet.rules)
  2023020 - ET TROJAN ProjectSauron Remsec DNS Lookup (rapidcomments . com)
(trojan.rules)
  2023021 - ET TROJAN ProjectSauron Remsec DNS Lookup (bikessport . com)
(trojan.rules)
  2023022 - ET TROJAN ProjectSauron Remsec DNS Lookup (myhomemusic . com)
(trojan.rules)
  2023023 - ET TROJAN ProjectSauron Remsec DNS Lookup (flowershop22.110mb .
com) (trojan.rules)
  2023024 - ET TROJAN ProjectSauron Remsec DNS Lookup
(wildhorses.awardspace . info) (trojan.rules)
  2023025 - ET TROJAN ProjectSauron Remsec DNS Lookup (asrgd-uz .weedns .
com) (trojan.rules)
  2023026 - ET TROJAN ProjectSauron Remsec DNS Lookup (sx4-ws42 .yi . org)
(trojan.rules)
  2023027 - ET TROJAN ProjectSauron Remsec DNS Lookup (we .q.tcow . eu)
(trojan.rules)

 Pro:

  2821525 - ETPRO TROJAN Malicious SSL certificate detected (Zeus Injects)
(trojan.rules)
  2821526 - ETPRO TROJAN PoisonIvy Keepalive to CnC 469 (trojan.rules)
  2821527 - ETPRO TROJAN Pony CnC Domain in SSL Client Hello SNI
(trojan.rules)
  2821528 - ETPRO TROJAN Pony CnC Domain in SSL Client Hello SNI
(trojan.rules)
  2821529 - ETPRO TROJAN Pony CnC Domain in SSL Client Hello SNI
(trojan.rules)
  2821530 - ETPRO TROJAN Pony CnC Domain in SSL Client Hello SNI
(trojan.rules)
  2821531 - ETPRO TROJAN Pony CnC Domain in SSL Client Hello SNI
(trojan.rules)
  2821532 - ETPRO POLICY DNS Query to .onion proxy Domain (redefined .
click) (policy.rules)
  2821533 - ETPRO POLICY DNS Query to .onion proxy Domain (relyleafs .
click) (policy.rules)
  2821534 - ETPRO POLICY DNS Query to .onion proxy Domain (ridsimply . top)
(policy.rules)
  2821535 - ETPRO POLICY DNS Query to .onion proxy Domain (rl0bdw . top)
(policy.rules)
  2821536 - ETPRO POLICY DNS Query to .onion proxy Domain (rnkj09 . top)
(policy.rules)
  2821537 - ETPRO POLICY DNS Query to .onion proxy Domain (sayssales . bid)
(policy.rules)
  2821538 - ETPRO POLICY DNS Query to .onion proxy Domain (seenmust . pro)
(policy.rules)
  2821539 - ETPRO POLICY DNS Query to .onion proxy Domain (sk8r54 . top)
(policy.rules)
  2821540 - ETPRO POLICY DNS Query to .onion proxy Domain (ssd5gt . top)
(policy.rules)
  2821541 - ETPRO POLICY DNS Query to .onion proxy Domain (stopsage . gdn)
(policy.rules)
  2821542 - ETPRO POLICY DNS Query to .onion proxy Domain (thanreal . link)
(policy.rules)
  2821543 - ETPRO POLICY DNS Query to .onion proxy Domain (themevery . win)
(policy.rules)
  2821544 - ETPRO POLICY DNS Query to .onion proxy Domain (topicside .
club) (policy.rules)
  2821545 - ETPRO POLICY DNS Query to .onion proxy Domain (v11z5e . top)
(policy.rules)
  2821546 - ETPRO POLICY DNS Query to .onion proxy Domain (variedtax . kim)
(policy.rules)
  2821547 - ETPRO POLICY DNS Query to .onion proxy Domain (vkm4l6 . top)
(policy.rules)
  2821548 - ETPRO POLICY DNS Query to .onion proxy Domain (wht5py . top)
(policy.rules)
  2821549 - ETPRO POLICY DNS Query to .onion proxy Domain (wishsends .
mobi) (policy.rules)
  2821550 - ETPRO POLICY DNS Query to .onion proxy Domain (wonrough . in)
(policy.rules)
  2821551 - ETPRO POLICY DNS Query to .onion proxy Domain (worsemine . pro)
(policy.rules)
  2821552 - ETPRO POLICY DNS Query to .onion proxy Domain (wz139z . top)
(policy.rules)
  2821553 - ETPRO POLICY DNS Query to .onion proxy Domain (xab7m0 . top)
(policy.rules)
  2821554 - ETPRO POLICY DNS Query to .onion proxy Domain (y721yz . top)
(policy.rules)
  2821555 - ETPRO POLICY DNS Query to .onion proxy Domain (yw4629 . top)
(policy.rules)
  2821556 - ETPRO POLICY DNS Query to .onion proxy Domain (z7ud98 . top)
(policy.rules)
  2821557 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-08-08 1) (trojan.rules)
  2821558 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fetcha.a CnC Beacon
(mobile_malware.rules)
  2821559 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Felit.a Checkin
(mobile_malware.rules)


 [---]         Removed rules:         [---]

  2017812 - ET CURRENT_EVENTS Safe/CritX/FlashPack URI with Windows
Plugin-Detect Data (current_events.rules)