[Emerging-updates] Daily Ruleset Update Summary 2016/02/03

Francis Trudeau ftrudeau at emergingthreats.net
Wed Feb 3 17:16:14 EST 2016


 [***] Summary: [***]

 3 new Open signatures, 23 new Pro.  Cyborg RAT, APT.HelKit, HydraCrypt.

 Thanks:  @PietroDelsante & @a_de_pasquale.

 [+++]          Added rules:          [+++]

 Open:

  2022485 - ET WEB_SERVER Possible Compromised Webserver Retriving Inject (web_server.rules)
  2022486 - ET CURRENT_EVENTS Possible Phishing Landing via GetGoPhish Phishing Tool (current_events.rules)
  2022487 - ET CURRENT_EVENTS Successful Phishing Attempt via GetGoPhish Phishing Tool (current_events.rules)

 Pro:

  2816058 - ETPRO TROJAN Cyborg RAT Exfil via FTP 1 (trojan.rules)
  2816059 - ETPRO TROJAN Cyborg RAT Exfil via FTP 2 (trojan.rules)
  2816060 - ETPRO TROJAN Cyborg RAT Exfil via FTP 3 (trojan.rules)
  2816061 - ETPRO TROJAN APT.HelKit (BLACKCOFFEE) CnC Beacon M1 (trojan.rules)
  2816062 - ETPRO TROJAN APT.HelKit (BLACKCOFFEE) CnC Beacon M2 (trojan.rules)
  2816063 - ETPRO TROJAN W32/Daviany IP Check (trojan.rules)
  2816065 - ETPRO TROJAN APT.Preshin CnC Beacon (trojan.rules)
  2816066 - ETPRO TROJAN APT.Preshin HTTP Request to Google (trojan.rules)
  2816067 - ETPRO CURRENT_EVENTS Nuclear EK Flash Version PostBack T2 Feb 03 2016 (current_events.rules)
  2816068 - ETPRO CURRENT_EVENTS Nuclear EK Landing T2 Feb 03 2016 (current_events.rules)
  2816069 - ETPRO MALWARE Win32/Adware.Kuaiba.E Sending System Information (malware.rules)
  2816070 - ETPRO TROJAN PoisonIvy Keepalive to CnC 292 (trojan.rules)
  2816071 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
  2816072 - ETPRO CURRENT_EVENTS Successful DHL Phish Feb 3 (current_events.rules)
  2816073 - ETPRO CURRENT_EVENTS Phishing Fake Document Loading Error Feb 3 (current_events.rules)
  2816074 - ETPRO CURRENT_EVENTS DHL Phishing Landing Feb 3 (current_events.rules)
  2816075 - ETPRO TROJAN Ransomware Raas/Sarento .onion Proxy Domain (trojan.rules)
  2816076 - ETPRO TROJAN Win32/HydraCrypt CnC Beacon 1 (trojan.rules)
  2816077 - ETPRO TROJAN Win32/HydraCrypt Ransom Image Inbound (trojan.rules)
  2816078 - ETPRO CURRENT_EVENTS TorrentLocker Localization Redirect Feb 3 (current_events.rules)


 [///]     Modified active rules:     [///]

  2019469 - ET TROJAN APT.Fexel Checkin (trojan.rules)
  2021245 - ET TROJAN Possible Dridex Download URI Struct with no referer (trojan.rules)
  2022466 - ET CURRENT_EVENTS Possible Keitaro TDS Redirect (current_events.rules)
  2022483 - ET TROJAN JS/Nemucod requesting EXE payload 2016-01-28 (trojan.rules)
  2815395 - ETPRO TROJAN Linux/Fysbis or Sofacy/CHOPSTICK CnC Beacon M2 (trojan.rules)

