[Emerging-updates] Daily Ruleset Update Summary 2016/02/01

Francis Trudeau ftrudeau at emergingthreats.net
Mon Feb 1 17:27:28 EST 2016


 [***] Summary: [***]

 4 new Open signatures, 30 new Pro (4 + 26).  Mokes, Nuclear, Various Duke action, Dridex.

 Thanks:  @malware_traffic & @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2022477 - ET TROJAN Mokes CnC Keep-Alive (trojan.rules)
  2022478 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC) (trojan.rules)
  2022479 - ET CURRENT_EVENTS EITest Evil Redirect Leading to EK Feb 01 2016 (current_events.rules)
  2022480 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (trojan.rules)

 Pro:

  2816012 - ETPRO TROJAN Unknown Stealer Checkin 1 (trojan.rules)
  2816013 - ETPRO CURRENT_EVENTS Navy Federal Credit Union Phishing Landing Jan 30 (current_events.rules)
  2816014 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish Jan 30 (current_events.rules)
  2816015 - ETPRO TROJAN Yuckyll CnC Beacon 1 M1 (trojan.rules)
  2816016 - ETPRO TROJAN Yuckyll CnC Beacon 1 M2 (trojan.rules)
  2816017 - ETPRO TROJAN Yuckyll CnC Beacon 2 (trojan.rules)
  2816018 - ETPRO CURRENT_EVENTS Successful Email Account Phishing Feb 1 (current_events.rules)
  2816019 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing Feb 1 M1 (current_events.rules)
  2816020 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing Feb 1 M2 (current_events.rules)
  2816021 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon (set) (trojan.rules)
  2816022 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 29 M1 (current_events.rules)
  2816023 - ETPRO CURRENT_EVENTS RIG EK Landing Jan 29 M1 (current_events.rules)
  2816024 - ETPRO CURRENT_EVENTS RIG EK Landing Jan 29 M2 (current_events.rules)
  2816025 - ETPRO CURRENT_EVENTS RIG EK Landing Jan 29 M3 (current_events.rules)
  2816026 - ETPRO TROJAN PoisonIvy Keepalive to CnC 291 (trojan.rules)
  2816027 - ETPRO TROJAN Mini/Cosmic Duke variant FTP download (trojan.rules)
  2816028 - ETPRO TROJAN MiniDuke CnC Beacon (trojan.rules)
  2816029 - ETPRO TROJAN Win32/OnionDuke CnC Beacon (trojan.rules)
  2816030 - ETPRO TROJAN Banker.Win32.BestaFera Checkin (trojan.rules)
  2816031 - ETPRO TROJAN Fakben .onion Proxy Domain (trojan.rules)
  2816032 - ETPRO POLICY OSX/Potential Vulnerable Application using Sparkle Updater (policy.rules)
  2816033 - ETPRO TROJAN Python/Rozena.E Connectivity Check (trojan.rules)
  2816034 - ETPRO TROJAN MiniDuke Variant HTTP Request to Google (trojan.rules)
  2816035 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2816036 - ETPRO TROJAN Dridex Fakes SSL Cert (trojan.rules)
  2816037 - ETPRO TROJAN Python/Kaazar SSL Cert (trojan.rules)


 [///]     Modified active rules:     [///]

  2812408 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon Response 1 (trojan.rules)
  2812409 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon Response 2 (trojan.rules)
  2815660 - ETPRO CURRENT_EVENTS Suspicious Wordpress Redirect - Possible Phishing Landing Jan 7 (current_events.rules)
  2815854 - ETPRO CURRENT_EVENTS Adobe Shared Document Base64 Phishing Landing Jan 19 (current_events.rules)
  2816005 - ETPRO TROJAN Unknown Stealer Checkin 1 (trojan.rules)


 [---]         Removed rules:         [---]

  2020998 - ET CURRENT_EVENTS Fiesta Payload/Exploit URI Struct M3 (current_events.rules)