[Emerging-updates] Daily Ruleset Update Summary 2016/02/17

Francis Trudeau ftrudeau at emergingthreats.net
Wed Feb 17 17:43:57 EST 2016


 [***] Summary: [***]

 8 new Open signatures, 31 new Pro (8 + 23).  CVE-2015-7547, Locky, VARIOUS PHISHING.

 Thanks:  Duane Howard, Kevin Ross, Anthony Rodgers & @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2022530 - ET CURRENT_EVENTS Fake Virus Phone Scam Landing Feb 17 (current_events.rules)
  2022531 - ET EXPLOIT Possible 2015-7547 Malformed Server response (exploit.rules)
  2022533 - ET POLICY HotSpotShield Activity (policy.rules)
  2022534 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules)
  2022535 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2022536 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (trojan.rules)
  2022537 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules)
  2022538 - ET TROJAN Ransomware Locky CnC Beacon (trojan.rules)

 Pro:

  2816282 - ETPRO TROJAN Win32/Dacic.A!rfn Backdoor CnC Checkin (trojan.rules)
  2816283 - ETPRO CURRENT_EVENTS Mailbox Update Phishing Landing Feb 17 (current_events.rules)
  2816284 - ETPRO CURRENT_EVENTS Successful Mailbox Update Phish Feb 17 M1 (current_events.rules)
  2816285 - ETPRO CURRENT_EVENTS Successful Mailbox Update Phish Feb 17 M2 (current_events.rules)
  2816286 - ETPRO TROJAN Tendrit CnC Beacon 3 (trojan.rules)
  2816287 - ETPRO TROJAN Tendrit CnC Beacon 4 (trojan.rules)
  2816288 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Xbot.b Checkin (mobile_malware.rules)
  2816289 - ETPRO CURRENT_EVENTS Google Maps Phishing Landing Feb 17 (current_events.rules)
  2816290 - ETPRO CURRENT_EVENTS Igg.biz Phishing Redirector (set) Feb 17 (current_events.rules)
  2816291 - ETPRO CURRENT_EVENTS Igg.biz Phishing Redirector Feb 17 (current_events.rules)
  2816292 - ETPRO CURRENT_EVENTS Possible Phishing Landing - Data URI Inline Javascript Feb 9 (current_events.rules)
  2816293 - ETPRO CURRENT_EVENTS Successful Google Credential Phish Feb 9 (current_events.rules)
  2816294 - ETPRO CURRENT_EVENTS Evil HTA (Kovter) (current_events.rules)
  2816295 - ETPRO CURRENT_EVENTS Fake Flash Player Update (Kovter) (current_events.rules)
  2816296 - ETPRO CURRENT_EVENTS Evil HTA (Kovter) M2 (current_events.rules)
  2816297 - ETPRO TROJAN Andromeda CnC 2 (trojan.rules)
  2816298 - ETPRO TROJAN PoisonIvy Keepalive to CnC 297 (trojan.rules)
  2816299 - ETPRO TROJAN PoisonIvy Keepalive to CnC 298 (trojan.rules)
  2816300 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ii Checkin (mobile_malware.rules)
  2816301 - ETPRO TROJAN Unknown CnC (trojan.rules)
  2816302 - ETPRO TROJAN GooNky SSL Cert (trojan.rules)
  2816303 - ETPRO TROJAN GooNky SSL Cert (trojan.rules)
  2816304 - ETPRO TROJAN GooNky SSL Cert (trojan.rules)


 [///]     Modified active rules:     [///]

  2007727 - ET P2P possible torrent download (p2p.rules)
  2014734 - ET P2P BitTorrent - Torrent File Downloaded (p2p.rules)
  2020380 - ET TROJAN Possible Deep Panda User-Agent (trojan.rules)
  2021761 - ET CURRENT_EVENTS Possible PHISH - Generic Status Messages Sept 11 (current_events.rules)
  2022488 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules)
  2814736 - ETPRO TROJAN Pirpi CnC Beacon (trojan.rules)
  2815666 - ETPRO CURRENT_EVENTS Successful PNC Bank Phish Jan 8 (current_events.rules)
  2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 (current_events.rules)


 [---]         Removed rules:         [---]

  2816272 - ETPRO TROJAN Ransomware Locky CnC Beacon (trojan.rules)

