[Emerging-updates] Daily Ruleset Update Summary 2016/02/15

Francis Trudeau ftrudeau at emergingthreats.net
Mon Feb 15 12:49:51 EST 2016


 [***] Summary: [***]

 5 new Open signatures, 15 new Pro (5 + 10). Sundown EK, Bedep, HydraCrypt.

 Thanks:  @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2022519 - ET TROJAN Bedep Connectivity Check M3 (trojan.rules)
  2022520 - ET POLICY Possible HTA Application Download (policy.rules)
  2022521 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2022522 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2403388 - ET CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules)

 Pro:

  2816224 - ETPRO TROJAN Win32/HydraCrypt CnC Beacon 2 (trojan.rules)
  2816225 - ETPRO TROJAN Win32/HydraCrypt Ransom Image GET (trojan.rules)
  2816226 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M1 (current_events.rules)
  2816227 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M2 (current_events.rules)
  2816228 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M3 (current_events.rules)
  2816229 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M4 (current_events.rules)
  2816230 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M5 (current_events.rules)
  2816231 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M6 (current_events.rules)
  2816232 - ETPRO CURRENT_EVENTS SSL Redirector Leading to EK Feb 13 2016 (current_events.rules)
  2816233 - ETPRO TROJAN AlphaBot CnC Post (trojan.rules)

 [---]  Disabled and modified rules:  [---]

  2017648 - ET CURRENT_EVENTS Possible Sweet Orange payload Request (current_events.rules)
  2017649 - ET CURRENT_EVENTS Sweet Orange encrypted payload (current_events.rules)
  2017706 - ET CURRENT_EVENTS Possible Sweet Orange IE Payload Request (current_events.rules)
  2019544 - ET CURRENT_EVENTS Possible Sweet Orange Flash/IE Payload Request (current_events.rules)
  2019752 - ET CURRENT_EVENTS Possible Sweet Orange CVE-2014-6332 Payload Request (current_events.rules)
