[Emerging-updates] Daily Ruleset Update Summary 2016/08/31

Francis Trudeau ftrudeau at emergingthreats.net
Wed Aug 31 17:55:12 EDT 2016


 [***] Summary: [***]

 1 new Open signature, 29 new Pro (1 + 28).  TorrentLocker, Ursnif, Cerber.

 Thanks:  Kevin Branch, Kevin Ross and @malwaretraffic.

 [+++]          Added rules:          [+++]

Open:

  2023142 - ET TROJAN TorrentLocker DNS Lookup (bigcrashcar.net) (trojan.rules)

 Pro:

  2821922 - ETPRO TROJAN Ursnif Variant Connectivity Check to gnu.org (trojan.rules)
  2821923 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.my) (policy.rules)
  2821924 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.tech) (policy.rules)
  2821925 - ETPRO POLICY DNS Query to .onion proxy Domain (hiddenservice.net) (policy.rules)
  2821926 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.cl) (policy.rules)
  2821927 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.it) (policy.rules)
  2821928 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.ink) (policy.rules)
  2821929 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.live) (policy.rules)
  2821930 - ETPRO POLICY DNS Query to .onion proxy Domain (torlink.co) (policy.rules)
  2821931 - ETPRO POLICY DNS Query to .onion proxy Domain (tor2.club) (policy.rules)
  2821932 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.co) (policy.rules)
  2821933 - ETPRO TROJAN ReverseShell Download .onion Proxy Domain (trojan.rules)
  2821934 - ETPRO TROJAN Meterpreter .onion Proxy Domain (trojan.rules)
  2821935 - ETPRO CURRENT_EVENTS Successful Paypal Phish Aug 31 2016 (current_events.rules)
  2821936 - ETPRO CURRENT_EVENTS Successful Facebook Phish Aug 31 2016 (current_events.rules)
  2821937 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Aug 31 2016 (current_events.rules)
  2821938 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Aug 31 2016 (current_events.rules)
  2821939 - ETPRO CURRENT_EVENTS Successful Westpac Bank Phish Aug 31 2016 (current_events.rules)
  2821940 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Aug 31 2016 (current_events.rules)
  2821941 - ETPRO CURRENT_EVENTS Successful FR Paypal Phish Aug 31 2016 (current_events.rules)
  2821942 - ETPRO CURRENT_EVENTS Successful Outlook Phish Aug 31 2016 (current_events.rules)
  2821943 - ETPRO CURRENT_EVENTS DHL Phishing Landing Aug 31 2016 (current_events.rules)
  2821944 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Aug 31 2016 (current_events.rules)
  2821948 - ETPRO TROJAN Trojan.MSIL.Ranos.A Bot USER Command (trojan.rules)
  2821949 - ETPRO MALWARE Win32/CN.PUPDropper Checkin (malware.rules)
  2821950 - ETPRO TROJAN PoisonIvy Keepalive to CnC 500 (trojan.rules)
  2821951 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup (trojan.rules)
  2821952 - ETPRO CURRENT_EVENTS Evil Redirector to EK - Observed Malicious SSL Cert (current_events.rules)


 [///]     Modified active rules:     [///]

  2021977 - ET TROJAN NetWire / Ozone / Darktrack Alien RAT - Server Hello (trojan.rules)
  2021978 - ET TROJAN NetWire / Ozone / Darktrack Alien RAT - Client KeepAlive (trojan.rules)
  2809943 - ETPRO MALWARE Win32/Adware.iBryte.BX CnC Beacon (malware.rules)
  2815979 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 26 M1 (current_events.rules)
  2816063 - ETPRO TROJAN W32/Galaxy Keylogger IP Check (trojan.rules)
  2820237 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 16 (current_events.rules)
  2821562 - ETPRO TROJAN Win32/CryptFile2 Ransomware Fake Image Response (trojan.rules)
  2821881 - ETPRO INFO Suspicious Dropbox Page - Possible Phishing Landing (info.rules)
  2821882 - ETPRO INFO Suspicious Yahoo Page - Possible Phishing Landing (info.rules)
  2821883 - ETPRO INFO Suspicious Google Docs Page - Possible Phishing Landing (info.rules)


 [---]         Removed rules:         [---]

  2816570 - ETPRO TROJAN AgentTesla PWS HTTP CnC Checkin (trojan.rules)