[Emerging-updates] Daily Ruleset Update Summary 2016/08/29

Francis Trudeau ftrudeau at emergingthreats.net
Mon Aug 29 17:39:44 EDT 2016


 [***] Summary: [***]

 2 new Open signatures, 14 new Pro (2 + 12).  Challack, NanoCore RAT, Zeus
Panda Banker.

 Thanks:  @rmkml and tdzmont.

 [+++]          Added rules:          [+++]

 Open:

  2023140 - ET EXPLOIT Possible Challack Tool in use (exploit.rules)
  2023141 - ET EXPLOIT RST Flood With Window (exploit.rules)

 Pro:

  2821874 - ETPRO TROJAN NanoCore RAT CnC 15 (trojan.rules)
  2821875 - ETPRO TROJAN Win32/UnknownRAT Checkin (trojan.rules)
  2821876 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.o Checkin (mobile_malware.rules)
  2821877 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.o Checkin 2 (mobile_malware.rules)
  2821878 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
  2821879 - ETPRO TROJAN MSIL/OmegaNET HTTP Bot CnC Checkin (trojan.rules)
  2821880 - ETPRO TROJAN MSIL/Unknown HTTP Bot/BTCminer CnC Checkin (trojan.rules)
  2821881 - ETPRO INFO Suspicious Dropbox Page - Possible Phishing Landing (info.rules)
  2821882 - ETPRO INFO Suspicious Yahoo Page - Possible Phishing Landing (info.rules)
  2821883 - ETPRO INFO Suspicious Google Docs Page - Possible Phishing Landing (info.rules)
  2821884 - ETPRO TROJAN Tardar Exfiltration CnC Beacon M1 (trojan.rules)
  2821885 - ETPRO TROJAN Tardar Exfiltration CnC Beacon M2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2023133 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 3 (trojan.rules)
  2807968 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2013222 - ET SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt (shellcode.rules)