[Emerging-updates] Daily Ruleset Update Summary 2016/08/25

Francis Trudeau ftrudeau at emergingthreats.net
Thu Aug 25 16:51:40 EDT 2016


 [***] Summary: [***]

 45 new Open signatures, 59 new Pro (45 + 14).  Pegasus, PNScan, SteamStealerX, CVE-2016-6366.

 Thanks:  @MalwareMustDie.

 [+++]          Added rules:          [+++]

 Open:

  2023086 - ET EXPLOIT CISCO FIREWALL SNMP Buffer Overflow Extrabacon (CVE-2016-6366) (exploit.rules)
  2023087 - ET TROJAN PNScan.2 Inbound Status Check - set (trojan.rules)
  2023088 - ET TROJAN PNScan.2 Inbound Status Check Response (trojan.rules)
  2023089 - ET TROJAN PNScan.2 CnC Beacon (trojan.rules)
  2023090 - ET TROJAN PNScan.2 CnC Beacon 2 (trojan.rules)
  2023091 - ET TROJAN Backdoor.Win32.DarkComet Keepalive Outbound (trojan.rules)
  2023092 - ET CURRENT_EVENTS Possible Google Drive Phishing Domain Aug 25 2016 (current_events.rules)
  2023093 - ET TROJAN Possible Pegasus Related DNS Lookup (aalaan .tv) (trojan.rules)
  2023094 - ET TROJAN Possible Pegasus Related DNS Lookup (accounts .mx) (trojan.rules)
  2023095 - ET TROJAN Possible Pegasus Related DNS Lookup (adjust-local-settings .com) (trojan.rules)
  2023096 - ET TROJAN Possible Pegasus Related DNS Lookup (alawaeltech .com) (trojan.rules)
  2023097 - ET TROJAN Possible Pegasus Related DNS Lookup (alljazeera .co) (trojan.rules)
  2023098 - ET TROJAN Possible Pegasus Related DNS Lookup (asrararabiya .co) (trojan.rules)
  2023099 - ET TROJAN Possible Pegasus Related DNS Lookup (asrararablya .com) (trojan.rules)
  2023100 - ET TROJAN Possible Pegasus Related DNS Lookup (asrarrarabiya .com) (trojan.rules)
  2023101 - ET TROJAN Possible Pegasus Related DNS Lookup (bahrainsms .co) (trojan.rules)
  2023102 - ET TROJAN Possible Pegasus Related DNS Lookup (bbc-africa .com) (trojan.rules)
  2023103 - ET TROJAN Possible Pegasus Related DNS Lookup (bulbazaur .com) (trojan.rules)
  2023104 - ET TROJAN Possible Pegasus Related DNS Lookup (checkinonlinehere .com) (trojan.rules)
  2023105 - ET TROJAN Possible Pegasus Related DNS Lookup (cnn-africa .co) (trojan.rules)
  2023106 - ET TROJAN Possible Pegasus Related DNS Lookup (damanhealth .online) (trojan.rules)
  2023107 - ET TROJAN Possible Pegasus Related DNS Lookup (emiratesfoundation .net) (trojan.rules)
  2023108 - ET TROJAN Possible Pegasus Related DNS Lookup (fb-accounts .com) (trojan.rules)
  2023109 - ET TROJAN Possible Pegasus Related DNS Lookup (googleplay-store .com) (trojan.rules)
  2023110 - ET TROJAN Possible Pegasus Related DNS Lookup (icloudcacher .com) (trojan.rules)
  2023111 - ET TROJAN Possible Pegasus Related DNS Lookup (icrcworld .com) (trojan.rules)
  2023112 - ET TROJAN Possible Pegasus Related DNS Lookup (manoraonline .net) (trojan.rules)
  2023113 - ET TROJAN Possible Pegasus Related DNS Lookup (mz-vodacom .info) (trojan.rules)
  2023114 - ET TROJAN Possible Pegasus Related DNS Lookup (newtarrifs .net) (trojan.rules)
  2023115 - ET TROJAN Possible Pegasus Related DNS Lookup (ooredoodeals .com) (trojan.rules)
  2023116 - ET TROJAN Possible Pegasus Related DNS Lookup (pickuchu .com) (trojan.rules)
  2023117 - ET TROJAN Possible Pegasus Related DNS Lookup (redcrossworld .com) (trojan.rules)
  2023118 - ET TROJAN Possible Pegasus Related DNS Lookup (sabafon .info) (trojan.rules)
  2023119 - ET TROJAN Possible Pegasus Related DNS Lookup (smser .net) (trojan.rules)
  2023120 - ET TROJAN Possible Pegasus Related DNS Lookup (sms .webadv.co) (trojan.rules)
  2023121 - ET TROJAN Possible Pegasus Related DNS Lookup (topcontactco .com) (trojan.rules)
  2023122 - ET TROJAN Possible Pegasus Related DNS Lookup (tpcontact .co.uk) (trojan.rules)
  2023123 - ET TROJAN Possible Pegasus Related DNS Lookup (track-your-fedex-package .org) (trojan.rules)
  2023124 - ET TROJAN Possible Pegasus Related DNS Lookup (turkeynewsupdates .com) (trojan.rules)
  2023125 - ET TROJAN Possible Pegasus Related DNS Lookup (turkishairines .info) (trojan.rules)
  2023126 - ET TROJAN Possible Pegasus Related DNS Lookup (uaenews .online) (trojan.rules)
  2023127 - ET TROJAN Possible Pegasus Related DNS Lookup (univision .click) (trojan.rules)
  2023128 - ET TROJAN Possible Pegasus Related DNS Lookup (unonoticias .net) (trojan.rules)
  2023129 - ET TROJAN Possible Pegasus Related DNS Lookup (whatsapp-app .com) (trojan.rules)
  2023130 - ET TROJAN Possible Pegasus Related DNS Lookup (y0utube .com.mx) (trojan.rules)

 Pro:

  2821845 - ETPRO TROJAN W32/SteamStealerX Uploading Creds (trojan.rules)
  2821846 - ETPRO CURRENT_EVENTS Successful Generic Phish - JS Redirect to PDF Aug 24 2016 (current_events.rules)
  2821847 - ETPRO TROJAN PoisonIvy Keepalive to CnC 486 (trojan.rules)
  2821848 - ETPRO TROJAN PoisonIvy Keepalive to CnC 487 (trojan.rules)
  2821849 - ETPRO TROJAN PoisonIvy Keepalive to CnC 488 (trojan.rules)
  2821850 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M1 Aug 25 2016 (current_events.rules)
  2821851 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Aug 25 2016 (current_events.rules)
  2821852 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M2 Aug 25 2016 (current_events.rules)
  2821853 - ETPRO MALWARE Adware/Dotdo.J Activity (malware.rules)
  2821854 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check 2 (trojan.rules)
  2821855 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check 3 (trojan.rules)
  2821856 - ETPRO TROJAN Win32/Fantom Ransomware Checkin (trojan.rules)
  2821857 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Zeus Panda) (trojan.rules)
  2821858 - ETPRO TROJAN Win32.KillProc.eewdhh Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2013091 - ET TROJAN Backdoor.Win32.DarkComet Keepalive Inbound (trojan.rules)
  2021641 - ET TROJAN Fareit/Pony Loader User-Agent (Charon/Inferno) (trojan.rules)
  2810366 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check (trojan.rules)


 [---]         Removed rules:         [---]

  2821619 - ETPRO CURRENT_EVENTS Successful USAA Phish Aug 11 2016 (current_events.rules)