[Emerging-updates] Daily Ruleset Update Summary 2016/02/25

Francis Trudeau ftrudeau at emergingthreats.net
Thu Feb 25 18:09:39 EST 2016


Looks like 2816397 is a dupe of 2022569.  We will be killing off
2816397.  It should be in DELETED either later today or tomorrow.

Sorry for the inconvenience.

ft



On Thu, Feb 25, 2016 at 3:55 PM, Francis Trudeau
<ftrudeau at emergingthreats.net> wrote:
>  [***] Summary: [***]
>
>  4 new Open signatures, 24 new Pro (4 + 20).  PadCrypt, Nymaim, Mbot.
>
>  [+++]          Added rules:          [+++]
>
>  Open:
>
>   2022566 - ET CURRENT_EVENTS Possible Malicious Macro EXE DL
> AlphaNumL (current_events.rules)
>   2022567 - ET CURRENT_EVENTS Evil Redirect Leading to EK Feb 25 2016
> (current_events.rules)
>   2022568 - ET TROJAN Likely PadCrypt Locker PKG DL (trojan.rules)
>   2022569 - ET TROJAN PadCrypt .onion Payment Domain (trojan.rules)
>
>  Pro:
>
>   2816378 - ETPRO TROJAN Successful Maersk Phishing Feb 25 (trojan.rules)
>   2816379 - ETPRO TROJAN MBot CnC Checkin (trojan.rules)
>   2816380 - ETPRO TROJAN Win32/Evotob.B Variant Checkin 2 (trojan.rules)
>   2816381 - ETPRO TROJAN Win32/Evotob.B Variant Checkin 3 (trojan.rules)
>   2816382 - ETPRO TROJAN Win32/Evotob.B Variant Checkin Response 2
> (trojan.rules)
>   2816383 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
> (2016-02-25) (trojan.rules)
>   2816384 - ETPRO TROJAN Win32/Kaicone.B Checkin 1 (trojan.rules)
>   2816385 - ETPRO TROJAN Win32/Kaicone.B Checkin 2 (trojan.rules)
>   2816386 - ETPRO TROJAN Win32/Kaicone.B User Agent (trojan.rules)
>   2816387 - ETPRO MOBILE_MALWARE
> Trojan-Dropper.AndroidOS.Guerrilla.pac Checkin (mobile_malware.rules)
>   2816388 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 24
> 2016 (Evil Keitaro FB Set) (current_events.rules)
>   2816389 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK EITest
> Feb 25 (current_events.rules)
>   2816390 - ETPRO MALWARE Liuliangbao.A Variant PUP Install Checkin
> (malware.rules)
>   2816391 - ETPRO TROJAN Java/Jacksbot CnC Beacon 2 (trojan.rules)
>   2816392 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.gh
> Exfiltration of SMS via SMTP (mobile_malware.rules)
>   2816393 - ETPRO TROJAN Obfuscated Phishing Landing Feb 25 (trojan.rules)
>   2816394 - ETPRO TROJAN Nymaim Checkin 5 (set) (trojan.rules)
>   2816395 - ETPRO TROJAN Nymaim Checkin 5 (trojan.rules)
>   2816396 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hr
> Checkin (mobile_malware.rules)
>   2816397 - ETPRO TROJAN PadC_Downloader .onion Proxy Domain (trojan.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   2022535 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (Dridex) (trojan.rules)
>   2814022 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Leech.a
> Checkin (mobile_malware.rules)
>   2814881 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.hr
> Checkin (mobile_malware.rules)
>
>
>  [---]         Removed rules:         [---]
>
>   2014856 - ET TROJAN FakeAvCn-A Checkin 2 (trojan.rules)

