[Emerging-updates] Daily Ruleset Update Summary 2016/02/02

Francis Trudeau ftrudeau at emergingthreats.net
Tue Feb 2 17:34:04 EST 2016


 [***] Summary: [***]

 3 new Open signatures, 23 new Pro (3 + 20).  Dridex, Gootkit,
Vawtrak, VARIOUS PHISHING.

 Thanks:  Michał Purzyński, @sucurisecurity & @PietroDelsante.


 [+++]          Added rules:          [+++]

 Open:

  2022481 - ET CURRENT_EVENTS Evil Redirect Compromised WP Feb 01 2016 (current_events.rules)
  2022482 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01 (trojan.rules)
  2022483 - ET TROJAN JS/Nemucod requesting EXE payload 2016-01-28 (trojan.rules)

 Pro:

  2816038 - ETPRO MALWARE Win32/WuJi.K Checkin (malware.rules)
  2816039 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com (set) Feb 2 (current_events.rules)
  2816040 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M1 (current_events.rules)
  2816041 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M2 (current_events.rules)
  2816042 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M3 (current_events.rules)
  2816043 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M4 (current_events.rules)
  2816044 - ETPRO CURRENT_EVENTS Lloyds Bank Phishing Landing Feb 1 (current_events.rules)
  2816045 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish Feb 1 (current_events.rules)
  2816046 - ETPRO TROJAN Dridex Fakes/Redirects SSL Cert (trojan.rules)
  2816047 - ETPRO TROJAN Possible PeaceDuke/Cozer SSL Cert (trojan.rules)
  2816048 - ETPRO TROJAN Gootkit CnC SSL Cert (trojan.rules)
  2816049 - ETPRO TROJAN Bladabindi/njRAT Variant CnC Server Response (trojan.rules)
  2816050 - ETPRO TROJAN Bladabindi/njRAT Variant CnC Checkin (trojan.rules)
  2816051 - ETPRO TROJAN Win32.Banload Variant Downloading EXE (trojan.rules)
  2816052 - ETPRO TROJAN Possible Vawtrak Injects SSL Cert (trojan.rules)
  2816053 - ETPRO TROJAN Possible Vawtrak Injects SSL Cert (trojan.rules)
  2816054 - ETPRO TROJAN Win32/Uloz Botnet CnC Checkin (trojan.rules)
  2816055 - ETPRO TROJAN APT.Everty CnC Beacon 1 (trojan.rules)
  2816056 - ETPRO TROJAN APT.Everty CnC Beacon 2 (trojan.rules)
  2816057 - ETPRO TROJAN Win32/iSpySoft PWS Asset Download (trojan.rules)


 [///]     Modified active rules:     [///]

  2017511 - ET TROJAN APT.Agtid callback (trojan.rules)
  2021526 - ET TROJAN Linux/ChinaZ 2.0 DDoS Bot Checkin 3 (trojan.rules)
  2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
  2808649 - ETPRO TROJAN Backdoor.Win32.Stantinko.A Checkin 3 (trojan.rules)
  2815769 - ETPRO TROJAN W32.Blackmoon Uploading Stolen Certificates (trojan.rules)
  2815901 - ETPRO CURRENT_EVENTS Phishing Landing via MoonFruit.com Jan 22 M1 (current_events.rules)
  2815905 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22 M1 (current_events.rules)


 [///]    Modified inactive rules:    [///]

  2012848 - ET MOBILE_MALWARE Possible Mobile Malware POST of IMEI International Mobile Equipment Identity in URI (mobile_malware.rules)
  2803305 - ETPRO TROJAN Common Downloader Header Pattern H (trojan.rules)

