[Emerging-updates] Daily Ruleset Update Summary 2016/08/15

Francis Trudeau ftrudeau at emergingthreats.net
Mon Aug 15 19:10:54 EDT 2016


 [***] Summary: [***]

 8 new Open signatures, 32 new Pro (8 + 24).  DarkHotel, VARIOUS PHISHING.

 [+++]          Added rules:          [+++]

 Open:

  2023059 - ET TROJAN DarkHotel DNS Lookup (apply-wsu. ebizx. net) (trojan.rules)
  2023060 - ET TROJAN DarkHotel DNS Lookup (apply. ebizx. net) (trojan.rules)
  2023061 - ET CURRENT_EVENTS Successful Excel Phish Aug 15 2016 (current_events.rules)
  2023062 - ET CURRENT_EVENTS Email Storage Upgrade Phishing Landing Aug 15 2016 (current_events.rules)
  2023063 - ET CURRENT_EVENTS Successful Credit Agricole Phish Aug 15 2016 M1 (current_events.rules)
  2023064 - ET CURRENT_EVENTS Successful Credit Agricole Phish Aug 15 2016 M2 (current_events.rules)
  2023065 - ET CURRENT_EVENTS Possible Square Enix Phishing Domain Aug 15 2016 (current_events.rules)
  2023066 - ET CURRENT_EVENTS Possible Bank of America Phishing Domain Aug 15 2016 (current_events.rules)

 Pro:

  2821639 - ETPRO TROJAN PoisonIvy Keepalive to CnC 472 (trojan.rules)
  2821640 - ETPRO TROJAN PoisonIvy Keepalive to CnC 473 (trojan.rules)
  2821641 - ETPRO TROJAN Win32.Shakti HTTP Pattern (trojan.rules)
  2821642 - ETPRO TROJAN Win32.Shakti Checkin (trojan.rules)
  2821643 - ETPRO TROJAN Win32.Shakti Sending Process List (trojan.rules)
  2821644 - ETPRO TROJAN Win32.Shakti Uploading Files (trojan.rules)
  2821645 - ETPRO CURRENT_EVENTS Phishing Landing via webnode. fr (set) Aug 15 2016 (current_events.rules)
  2821646 - ETPRO CURRENT_EVENTS Phishing Landing via webnode. fr Aug 15 2016 M1 (current_events.rules)
  2821647 - ETPRO CURRENT_EVENTS Phishing Landing via webnode. fr Aug 15 2016 M2 (current_events.rules)
  2821648 - ETPRO CURRENT_EVENTS Phishing Landing via webnode. fr Aug 15 2016 M3 (current_events.rules)
  2821649 - ETPRO CURRENT_EVENTS Phishing Landing via webnode. fr Aug 15 2016 M4 (current_events.rules)
  2821650 - ETPRO CURRENT_EVENTS Phishing Landing via webnode. fr Aug 15 2016 M5 (current_events.rules)
  2821651 - ETPRO CURRENT_EVENTS Phishing Landing via webnode. fr Aug 15 2016 M6 (current_events.rules)
  2821652 - ETPRO INFO Webform Submitted via webnode. fr - Possible Successful Phish Aug 15 2016 (info.rules)
  2821653 - ETPRO TROJAN TampStealer/Keylogger Requesting Executable (trojan.rules)
  2821654 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2016-08-15 1) (trojan.rules)
  2821683 - ETPRO SCADA DNP3 Cold Restart (scada.rules)
  2821684 - ETPRO SCADA DNP3 Warm Restart (scada.rules)
  2821685 - ETPRO SCADA DNP3 Write Time and Date (scada.rules)
  2821686 - ETPRO SCADA DNP3 Stop Application (scada.rules)
  2821687 - ETPRO SCADA DNP3 Enable Unsolicited Messages (scada.rules)
  2821688 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l Checkin (mobile_malware.rules)
  2821689 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS Lookup 5 (mobile_malware.rules)
  2821690 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS Lookup 6 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2820902 - ETPRO TROJAN Cookle CnC Checkin (trojan.rules)
  2820903 - ETPRO TROJAN Cookle CnC POST (trojan.rules)
  2821196 - ETPRO WEB_SERVER Likely Malicious Proxy Header in Inbound HTTP Request (web_server.rules)