[Emerging-updates] Daily Ruleset Update Summary 2016/02/18

Francis Trudeau ftrudeau at emergingthreats.net
Thu Feb 18 20:42:49 EST 2016


 [***] Summary: [***]

 12 Open signatures, 19 new Pro (12 + 7).  CVE-2015-7547, OceanLotus, Dridex.

 Thanks:  Kevin Ross.

 [+++]          Added rules:          [+++]

 Open:

  2022539 - ET TROJAN Possible OceanLotus Time Check to Microsoft.com (trojan.rules)
  2022540 - ET TROJAN Possible OceanLotus CnC Heartbeat (trojan.rules)
  2022541 - ET TROJAN Possible OceanLotus C2 Checkin (trojan.rules)
  2022542 - ET EXPLOIT Possible 2015-7547 PoC Server Response (exploit.rules)
  2022543 - ET EXPLOIT Possible CVE-2015-7547 Long Response to A lookup (exploit.rules)
  2022544 - ET EXPLOIT Possible CVE-2015-7547 Long Response to AAAA lookup (exploit.rules)
  2022545 - ET EXPLOIT Possible CVE-2015-7547 Malformed Server Response A/AAAA (exploit.rules)
  2022546 - ET EXPLOIT Possible CVE-2015-7547 A/AAAA Record Lookup Possible Forced FallBack(fb set) (exploit.rules)
  2022547 - ET EXPLOIT Possible CVE-2015-7547 Large Response to A/AAAA query (exploit.rules)
  2022548 - ET TROJAN Ransomware Locky .onion Payment Domain (trojan.rules)
  2022549 - ET CURRENT_EVENTS Dridex DL Pattern Feb 18 2016 (current_events.rules)
  2022550 - ET CURRENT_EVENTS Possible Malicious Macro DL EXE Feb 2016 (current_events.rules)

 Pro:

  2816305 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ak Exfiltration of SMS via SMTP (mobile_malware.rules)
  2816306 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Igamo.a Checkin (mobile_malware.rules)
  2816307 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Igamo.a Checkin 2 (mobile_malware.rules)
  2816308 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fw Checkin (mobile_malware.rules)
  2816309 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iv Checkin (mobile_malware.rules)
  2816310 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.if Checkin (mobile_malware.rules)
  2816311 - ETPRO TROJAN W32/Banload CnC (trojan.rules)


 [///]     Modified active rules:     [///]

  2007727 - ET P2P possible torrent download (p2p.rules)
  2022538 - ET TROJAN Ransomware Locky CnC Beacon (trojan.rules)


 [---]         Removed rules:         [---]

  2816273 - ETPRO TROJAN Ransomware Locky .onion Payment Domain (trojan.rules)
