[Emerging-updates] Daily Ruleset Update Summary 2016/02/12

Francis Trudeau ftrudeau at emergingthreats.net
Fri Feb 12 18:23:37 EST 2016


 [***] Summary: [***]

 9 new Open signatures, 15 new Pro (9 + 6).  CVE-2016-1287, Loxes, PlugX.

 Thanks:  @abuse_ch & @rmkml.

 [+++]          Added rules:          [+++]

 Open:

  2022510 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (trojan.rules)
  2022511 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (trojan.rules)
  2022512 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (trojan.rules)
  2022513 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (trojan.rules)
  2022514 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (trojan.rules)
  2022515 - ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 2 (exploit.rules)
  2022516 - ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 3 (exploit.rules)
  2022517 - ET MOBILE_MALWARE Android/Fakeinst.KD .onion Proxy Domain (mobile_malware.rules)
  2022518 - ET EXPLOIT D-Link DCS-930L Remote Command Execution attempt (exploit.rules)

 Pro:

  2816217 - ETPRO TROJAN Loxes CnC Beacon (trojan.rules)
  2816218 - ETPRO TROJAN Loxes CnC Beacon (trojan.rules)
  2816219 - ETPRO TROJAN Loxes CnC Beacon Response (trojan.rules)
  2816220 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-02-12 1) (trojan.rules)
  2816221 - ETPRO TROJAN W32/JobCrypter Reporting Infection via SMTP (trojan.rules)
  2816222 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)


 [///]     Modified active rules:     [///]

  2018554 - ET TROJAN Putter Panda HTTPClient CnC HTTP Request (trojan.rules)
  2021255 - ET CURRENT_EVENTS Fake AV Phone Scam Landing June 11 2015 M1 (current_events.rules)
  2022365 - ET CURRENT_EVENTS Fake Virus Phone Scam Landing Jan 13 M2 (current_events.rules)
  2816152 - ETPRO TROJAN Backdoor.Mizzmo CnC Beacon 2 (trojan.rules)


 [---]         Disabled rules:        [---]

  2103134 - GPL WEB_CLIENT PNG large colour depth download attempt (web_client.rules)


 [---]         Removed rules:         [---]

  2816160 - ETPRO TROJAN Qadars CnC SSL Cert (trojan.rules)
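
As an added example (not part of this post, and not Emerging Threats' own tooling), the script below parses a summary in the format of this e-mail, rejoins the entries that the mailer wrapped across two lines, and checks a deployed rules file for the three things worth verifying after pulling the update: added sids that are missing, sids listed under "Disabled rules" that are still active, and sids listed under "Removed rules" that are still present. The embedded summary is a trimmed copy of this post; the rules file is constructed, and its rule headers and options are placeholders, not the real ET rule bodies.

```python
import re

# Trimmed copy of the summary above, embedded so the example runs offline.
# Two entries are deliberately kept in their line-wrapped form.
SUMMARY = """\
 [+++]          Added rules:          [+++]

 Open:

  2022510 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022515 - ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size
Inbound 2 (exploit.rules)

 Pro:

  2816217 - ETPRO TROJAN Loxes CnC Beacon (trojan.rules)


 [///]     Modified active rules:     [///]

  2018554 - ET TROJAN Putter Panda HTTPClient CnC HTTP Request (trojan.rules)


 [---]         Disabled rules:        [---]

  2103134 - GPL WEB_CLIENT PNG large colour depth download attempt
(web_client.rules)


 [---]         Removed rules:         [---]

  2816160 - ETPRO TROJAN Qadars CnC SSL Cert (trojan.rules)
"""

# Constructed rules file (placeholder headers/options; the sids and msgs
# are the ones in the summary, the rest is not ET's real rule content).
LOCAL_RULES = """\
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC)"; sid:2022510; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 2"; sid:2022515; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Putter Panda HTTPClient CnC HTTP Request"; sid:2018554; rev:5;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"GPL WEB_CLIENT PNG large colour depth download attempt"; sid:2103134; rev:9;)
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ETPRO TROJAN Qadars CnC SSL Cert"; sid:2816160; rev:2;)
"""

SECTION_RE = re.compile(r"^\s*\[[+/\-]{3}\]\s+(.+?):\s+\[[+/\-]{3}\]\s*$")
ENTRY_RE = re.compile(r"^\s*(\d{7})\s+-\s+(.*)$")
FILE_RE = re.compile(r"\((\w+\.rules)\)\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def parse_summary(text):
    """Return {section: {sid: (msg, rules_file)}} from an ET daily summary.

    A line that does not start with a sid is a wrapped continuation of the
    previous entry and is joined to it; 'Open:' / 'Pro:' labels are skipped.
    """
    sections, section, last_sid = {}, None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            sections[section] = {}
            last_sid = None
            continue
        if section is None or not line.strip() or line.strip() in ("Open:", "Pro:"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            last_sid = int(m.group(1))
            sections[section][last_sid] = m.group(2).strip()
        elif last_sid is not None:
            sections[section][last_sid] += " " + line.strip()
    # Split the trailing "(file.rules)" off each message.
    for entries in sections.values():
        for sid, msg in entries.items():
            fm = FILE_RE.search(msg)
            entries[sid] = (FILE_RE.sub("", msg).strip(), fm.group(1) if fm else None)
    return sections


def rules_state(rules_text):
    """Map sid -> True if the rule line is active, False if commented out."""
    state = {}
    for line in rules_text.splitlines():
        m = SID_RE.search(line)
        if m:
            state[int(m.group(1))] = not line.lstrip().startswith("#")
    return state


def audit(summary_text, rules_text):
    """Compare a deployed rules file against what the summary says changed."""
    s = parse_summary(summary_text)
    deployed = rules_state(rules_text)
    return {
        "missing_added": sorted(sid for sid in s.get("Added rules", {}) if sid not in deployed),
        "still_active_disabled": sorted(sid for sid in s.get("Disabled rules", {}) if deployed.get(sid)),
        "still_present_removed": sorted(sid for sid in s.get("Removed rules", {}) if sid in deployed),
    }


if __name__ == "__main__":
    for key, sids in audit(SUMMARY, LOCAL_RULES).items():
        print(f"{key}: {sids}")
```

On the constructed input the audit reports the Pro sid 2816217 as missing (expected on an Open-only deployment), 2103134 as still active despite being disabled upstream, and 2816160 as still present although removed. Sids under "Modified active rules" are not flagged; for those the check that matters is that the rev has advanced, which needs the previous revision of the file to compare against.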

