[Emerging-updates] Daily Ruleset Update Summary 2016/08/16

Francis Trudeau ftrudeau at emergingthreats.net
Tue Aug 16 18:17:51 EDT 2016


 [***] Summary: [***]

 3 new Open signatures, 18 new Pro (3 + 15).  Smokebot, Ramnit,
LuminosityLink.

 [+++]          Added rules:          [+++]

 Open:

  2023067 - ET INFO Symantec Download Flowbit Set (info.rules)
  2023068 - ET CURRENT_EVENTS Suspicious HTTP Refresh to SMS Aug 16 2016 (current_events.rules)
  2023069 - ET CURRENT_EVENTS SMS Fake Mobile Virus Scam Aug 16 2016 (current_events.rules)

 Pro:

  2821691 - ETPRO TROJAN Unknown Smokebot 2nd Stage Payload M1 (trojan.rules)
  2821692 - ETPRO TROJAN Unknown Smokebot 2nd Stage Payload M2 (trojan.rules)
  2821693 - ETPRO TROJAN W32/Ramnit Initial CnC Connection (trojan.rules)
  2821694 - ETPRO TROJAN Bladabindi/njRAT Variant CnC Checkin (trojan.rules)
  2821695 - ETPRO TROJAN MSIL/Bancos Variant CnC Activity (trojan.rules)
  2821696 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l Checkin 2 (mobile_malware.rules)
  2821697 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SMS Exfil (mobile_malware.rules)
  2821698 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS Lookup 7 (mobile_malware.rules)
  2821699 - ETPRO TROJAN PoisonIvy Keepalive to CnC 474 (trojan.rules)
  2821700 - ETPRO TROJAN LuminosityLink - Data Channel Server Response 3 (trojan.rules)
  2821701 - ETPRO TROJAN Unknown Likely APT CnC Beacon (trojan.rules)
  2821702 - ETPRO CURRENT_EVENTS Successful Phish OWA Credentials Aug 16 2016 (current_events.rules)
  2821703 - ETPRO CURRENT_EVENTS Adobe Phishing Landing M1 Aug 16 2016 (current_events.rules)
  2821704 - ETPRO CURRENT_EVENTS Successful Adobe Online Phish Aug 16 2016 (current_events.rules)
  2821705 - ETPRO CURRENT_EVENTS Adobe Phishing Landing M2 Aug 16 2016 (current_events.rules)


 [///]     Modified active rules:     [///]

  2008438 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File (malware.rules)
  2022916 - ET CURRENT_EVENTS RIG EK Payload Jun 26 2016 (current_events.rules)
  2820198 - ETPRO TROJAN APT.SVCMONDR CnC Checkin (trojan.rules)
  2821169 - ETPRO TROJAN Patchwork APT File Exfil HTTP POST (trojan.rules)