[Emerging-updates] Daily Ruleset Update Summary 2016/02/20

Francis Trudeau ftrudeau at emergingthreats.net
Mon Feb 22 17:43:59 EST 2016


 [***] Summary: [***]

 9 new Open signatures, 20 new Pro (9 + 11).  FrameworkPOS, Magnitude EK, Dridex.

 Thanks:  @rmkml and @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2022551 - ET POLICY Logmein.com/Join.me SSL Remote Control Access (policy.rules)
  2022553 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Malware CnC) (trojan.rules)
  2022554 - ET EXPLOIT FireEye Detection Evasion %temp% attempt - Inbound (exploit.rules)
  2022555 - ET TROJAN Linux/Tsunami DNS Request (updates.absentvodka.com) (trojan.rules)
  2022556 - ET TROJAN Linux/Tsunami DNS Request (updates.mintylinux.com) (trojan.rules)
  2022557 - ET TROJAN Linux/Tsunami DNS Request (eggstrawdinarry.mylittlerepo.com) (trojan.rules)
  2022558 - ET TROJAN Linux/Tsunami DNS Request (linuxmint.kernel-org.org) (trojan.rules)
  2022559 - ET TROJAN FrameworkPOS Covert DNS CnC Initial Check In (trojan.rules)
  2022560 - ET TROJAN Ransomware Locky .onion Payment Domain (trojan.rules)

 Pro:

  2816329 - ETPRO CURRENT_EVENTS Possible Magnitude EK Flash Exploit URI Struct Feb 19 2016 (current_events.rules)
  2816331 - ETPRO TROJAN PoisonIvy Keepalive to CnC 301 (trojan.rules)
  2816332 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
  2816333 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2816334 - ETPRO POLICY DNS Query to .onion proxy Domain (newhost2tor.ch) (policy.rules)
  2816335 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.i Checkin (mobile_malware.rules)
  2816336 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ay Checkin 2 (mobile_malware.rules)
  2816339 - ETPRO CURRENT_EVENTS Magnitude EK Flash Payload Feb 19 2016 (current_events.rules)
  2816340 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.U Checkin (mobile_malware.rules)
  2816341 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.j Checkin (mobile_malware.rules)
  2816342 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.bm Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2812137 - ETPRO TROJAN W32.YoungLotus Checkin (trojan.rules)
  2814897 - ETPRO TROJAN W32.YoungLotus Checkin (trojan.rules)
  2816327 - ETPRO CURRENT_EVENTS Angler EK Payload Feb 19 Primer M1 (current_events.rules)


 [---]  Disabled and modified rules:  [---]

  2016371 - ET CURRENT_EVENTS Exploit Kit Java jpg download (current_events.rules)


 [---]         Removed rules:         [---]

  2016320 - ET CURRENT_EVENTS Exploit Kit Java gif download (current_events.rules)
  2016321 - ET CURRENT_EVENTS Possible g01pack Jar download (current_events.rules)
  2016402 - ET CURRENT_EVENTS Exploit Kit Java png download (current_events.rules)
  2016495 - ET CURRENT_EVENTS Exploit Kit Java .psd download (current_events.rules)
  2016506 - ET CURRENT_EVENTS Exploit Kit Java jpeg download (current_events.rules)

