[Emerging-updates] Daily Ruleset Update Summary 2016/02/08

Francis Trudeau ftrudeau at emergingthreats.net
Mon Feb 8 18:13:05 EST 2016


 [***] Summary: [***]

 6 new Open signatures, 27 new Pro (6 + 21).  Chinoxy, Ursnif, SteamStealer.

 Thanks:  Kevin Ross, @jeffhammett & @esentire.

 [+++]          Added rules:          [+++]

 Open:

  2022494 - ET TROJAN Win32/LockScreen CnC HTTP Pattern (trojan.rules)
  2022495 - ET TROJAN Win32/HydraCrypt CnC Beacon 1 (trojan.rules)
  2022496 - ET CURRENT_EVENTS Evil Redirector Leading to EK Feb 07 2016 (current_events.rules)
  2022497 - ET CURRENT_EVENTS Successful Apple Phish Feb 6th M1 (current_events.rules)
  2022498 - ET CURRENT_EVENTS Successful Apple Phish Feb 6th M2 (current_events.rules)
  2022499 - ET CURRENT_EVENTS Successful Apple Phish Feb 6th M3 (current_events.rules)

 Pro:

  2816102 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Feb 8 (current_events.rules)
  2816103 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
  2816104 - ETPRO TROJAN Possible Chinoxy Receiving Alternative CnC (trojan.rules)
  2816105 - ETPRO TROJAN Chinoxy GET CnC Beacon (trojan.rules)
  2816106 - ETPRO TROJAN Chinoxy POST CnC Beacon (trojan.rules)
  2816107 - ETPRO TROJAN Chinoxy TCP CnC Beacon (trojan.rules)
  2816108 - ETPRO TROJAN Chinoxy TCP CnC Beacon Response (trojan.rules)
  2816109 - ETPRO MALWARE W32/Mostar Checkin (malware.rules)
  2816110 - ETPRO TROJAN Sylavriu.A/TorCT RAT CnC Checkin (trojan.rules)
  2816111 - ETPRO CURRENT_EVENTS Common /mpp/ Phishing URI Structure Feb 8 (current_events.rules)
  2816112 - ETPRO POLICY DNS Query to .onion proxy Domain (billingdetros.com) (policy.rules)
  2816113 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-02-08 1) (trojan.rules)
  2816114 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-02-08 2) (trojan.rules)
  2816115 - ETPRO TROJAN Bitcoin miner known malicious basic auth (QW5vbnltb3VzQ29pbmVyX0JvdDI6Yml0Y29pbm1pbmVyMg==) (trojan.rules)
  2816116 - ETPRO TROJAN SteamStealer Item Value Check (trojan.rules)
  2816117 - ETPRO TROJAN Win32/Pottieq.A Ransomware CnC Checkin (trojan.rules)
  2816118 - ETPRO TROJAN Win32/Pottieq.A Ransomware CnC Crypted Files (trojan.rules)
  2816119 - ETPRO CURRENT_EVENTS Successful DHL Phish Feb 8 (current_events.rules)
  2816120 - ETPRO CURRENT_EVENTS DHL Phish Landing Feb 8 (current_events.rules)
  2816121 - ETPRO TROJAN Possible Ransomware Variant .onion Proxy Domain (trojan.rules)
  2816122 - ETPRO TROJAN W32/Unknown Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2813009 - ETPRO CURRENT_EVENTS DHL Phish Landing Sept 14 (current_events.rules)
  2815778 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 14 (current_events.rules)
  2815804 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M1 (current_events.rules)
  2815805 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M2 (current_events.rules)
  2815806 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M3 (current_events.rules)
  2815817 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan 14 M1 (current_events.rules)
  2815818 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan 14 M2 (current_events.rules)


 [---]         Removed rules:         [---]

  2021760 - ET CURRENT_EVENTS PHISH Generic Webmail - Landing Page Sept 11 (current_events.rules)
  2811431 - ETPRO TROJAN CoinMiner Known malicious stratum authline (CGX2U2oeocN3DTJhyPG2cPg7xpRRTzNZkz) (trojan.rules)
  2815910 - ETPRO TROJAN Win32/LockScreen CnC HTTP Pattern (trojan.rules)
  2816076 - ETPRO TROJAN Win32/HydraCrypt CnC Beacon 1 (trojan.rules)