[Emerging-updates] Daily Ruleset Update Summary 2016/08/23

Francis Trudeau ftrudeau at emergingthreats.net
Tue Aug 23 19:07:28 EDT 2016


 [***] Summary: [***]

 1 new Open signature, 24 new Pro (1 + 23).  Locky, TorrentLocker, Vawtrak,
NanoCore RAT.

 Thanks:  @MichalPurzynski and Kevin Branch.

 [+++]          Added rules:          [+++]

 Open:

  2023084 - ET TROJAN Ransomware Locky .onion Payment Domain (5n7y4yihirccftc5) (trojan.rules)

 Pro:

  2821797 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (bXVyYXRzYXlpbi4xOjE=) (trojan.rules)
  2821798 - ETPRO CURRENT_EVENTS Possible Phishing Data Submitted to yolasite.com M2 (current_events.rules)
  2821799 - ETPRO CURRENT_EVENTS Successful Blocked Email Account Phish M1 Aug 23 2016 (current_events.rules)
  2821800 - ETPRO CURRENT_EVENTS Blocked Email Account Phishing Landing Aug 23 2016 (current_events.rules)
  2821801 - ETPRO CURRENT_EVENTS Successful Blocked Email Account Phish M2 Aug 23 2016 (current_events.rules)
  2821802 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2) (trojan.rules)
  2821803 - ETPRO TROJAN Possible Vawtrak Injects SSL Cert (trojan.rules)
  2821804 - ETPRO MALWARE MSIL/Adware.Dotdo.Q Initial Checkin (malware.rules)
  2821805 - ETPRO TROJAN Win32/AbStealer Checkin (trojan.rules)
  2821806 - ETPRO TROJAN PoisonIvy Keepalive to CnC 479 (trojan.rules)
  2821807 - ETPRO TROJAN PoisonIvy Keepalive to CnC 480 (trojan.rules)
  2821808 - ETPRO TROJAN Malicious SSL certificate detected (Dreambot/Gozi CnC) (trojan.rules)
  2821809 - ETPRO TROJAN Terdot.A/Zloader Malicious SSL Cert Observed (trojan.rules)
  2821810 - ETPRO TROJAN Win32/Banload Variant Checkin (trojan.rules)
  2821811 - ETPRO TROJAN Win32/Banload Variant Connectivity Check (trojan.rules)
  2821812 - ETPRO TROJAN NanoCore RAT CnC 13 (trojan.rules)
  2821813 - ETPRO TROJAN NanoCore RAT CnC 14 (trojan.rules)
  2821814 - ETPRO TROJAN W32/Banload.XMY Variant Checkin (trojan.rules)
  2821816 - ETPRO CURRENT_EVENTS Successful Targeted Office365 Phish Aud 23 2016 (current_events.rules)
  2821817 - ETPRO TROJAN Ransomware CTB-Locker .onion Proxy Domain (trojan.rules)
  2821818 - ETPRO TROJAN Ransomware CTB-Locker or similar Checkin (trojan.rules)
  2821819 - ETPRO TROJAN Ransomware CTB-Locker or similar CnC beacon (trojan.rules)
  2821820 - ETPRO TROJAN MSIL/njRAT/Bladabindi Variant (Revenge RAT) Inbound Keepalive (trojan.rules)


 [///]     Modified active rules:     [///]

  2022520 - ET POLICY Possible HTA Application Download (policy.rules)
  2023017 - ET TELNET SUSPICIOUS busybox shell (telnet.rules)
  2023018 - ET TELNET SUSPICIOUS busybox enable (telnet.rules)
  2808469 - ETPRO TROJAN VanToM RAT Checkin 2 (trojan.rules)
  2821014 - ETPRO WEB_CLIENT suspicious .CAB containing single executable file (observed in maldoc campaign) (web_client.rules)