[Emerging-updates] Daily Ruleset Update Summary 2016/02/26

Francis Trudeau ftrudeau at emergingthreats.net
Fri Feb 26 18:48:31 EST 2016


 [***] Summary: [***]

 2 new Open signatures, 20 new Pro (2 + 18).  Qadars, Yeegram, Geodo.

 [+++]          Added rules:          [+++]

 Open:

  2022570 - ET CURRENT_EVENTS Possible Spam/Phish Campaign Feb 25 2016 (current_events.rules)
  2022571 - ET TROJAN Malicious SSL certificate detected (Geodo MITM) (trojan.rules)

 Pro:

  2816399 - ETPRO TROJAN MSIL/Agent.GX Variant CnC Checkin (trojan.rules)
  2816400 - ETPRO TROJAN MSIL/Agent.GX Variant CnC Beacon (trojan.rules)
  2816401 - ETPRO MALWARE MSIL.Livate Checkin (malware.rules)
  2816402 - ETPRO TROJAN Yeegram Downloader HTTP Request (trojan.rules)
  2816403 - ETPRO TROJAN Win32/Evotob.B Variant Checkin Response (trojan.rules)
  2816404 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 26 2016 (current_events.rules)
  2816405 - ETPRO TROJAN Win32/Tepoyx Malicious SSL Certificate Detected (trojan.rules)
  2816406 - ETPRO TROJAN Win32/Tepoyx Banking Injects SSL Certificate (trojan.rules)
  2816407 - ETPRO TROJAN Win32/Pawxnic.A Malicious SSL Certificate Detected (trojan.rules)
  2816408 - ETPRO TROJAN Qadars 2.0 Onion Domain Lookup (trojan.rules)
  2816409 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (kakaja24.com) (trojan.rules)
  2816410 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (halopov.com) (trojan.rules)
  2816411 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (kisliy.com) (trojan.rules)
  2816412 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (angela127.com) (trojan.rules)
  2816413 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (photo-a5.pw) (trojan.rules)
  2816414 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (koktail24.com) (trojan.rules)
  2816415 - ETPRO TROJAN Qadars 2.0 Injects DNS Lookup (ssldigic3rt.com) (trojan.rules)
  2816416 - ETPRO TROJAN Qadars 2.0 Injects DNS Lookup (digidetectsys.com) (trojan.rules)


 [///]     Modified active rules:     [///]

  2802902 - ETPRO TROJAN Win32/Forcud.A Spam Bot Checkin (trojan.rules)
  2803366 - ETPRO TROJAN Backdoor.Win32.Idicaf.B Checkin 2 (trojan.rules)
  2807549 - ETPRO TROJAN Zeleffo Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2800755 - ETPRO EXPLOIT Microsoft Help Workshop HPJ OPTIONS Section Buffer Overflow (exploit.rules)
  2816397 - ETPRO TROJAN PadC_Downloader .onion Proxy Domain (trojan.rules)

