[Emerging-updates] Daily Ruleset Update Summary 2016/02/29

Francis Trudeau ftrudeau at emergingthreats.net
Mon Feb 29 17:44:04 EST 2016


 [***] Summary: [***]

 6 new Open signatures, 29 new Pro (6 + 23).  Andromeda, DarkComet, PoisonIvy.


 [+++]          Added rules:          [+++]

 Open:

  2022572 - ET TROJAN Andromeda Download (set) (trojan.rules)
  2022573 - ET TROJAN Andromeda Download (trojan.rules)
  2022574 - ET CURRENT_EVENTS Possible Fake AV Phone Scam Landing Feb 26 (current_events.rules)
  2022575 - ET CURRENT_EVENTS Possible Fake AV Phone Scam Long Domain M1 Feb 29 (current_events.rules)
  2022576 - ET CURRENT_EVENTS Possible Fake AV Phone Scam Long Domain M2 Feb 29 (current_events.rules)
  2022577 - ET CURRENT_EVENTS Possible Fake AV Phone Scam Long Domain M3 Feb 29 (current_events.rules)

 Pro:

  2816419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
  2816420 - ETPRO CURRENT_EVENTS Successful Chase Phish Feb 26 (current_events.rules)
  2816421 - ETPRO CURRENT_EVENTS USAA Phishing Landing Feb 26 (current_events.rules)
  2816422 - ETPRO TROJAN DarkComet-RAT CnC Activity (version) (trojan.rules)
  2816423 - ETPRO TROJAN DarkComet-RAT CnC Activity (verack) (trojan.rules)
  2816424 - ETPRO TROJAN DarkComet-RAT CnC Activity (getdata) (trojan.rules)
  2816425 - ETPRO TROJAN DarkComet-RAT CnC Activity (addr) (trojan.rules)
  2816426 - ETPRO TROJAN DarkComet-RAT CnC Response (version) (trojan.rules)
  2816427 - ETPRO TROJAN DarkComet-RAT CnC Response (addr) (trojan.rules)
  2816428 - ETPRO TROJAN DarkComet-RAT CnC Response (block) (trojan.rules)
  2816429 - ETPRO TROJAN DarkComet-RAT CnC Response (inv) (trojan.rules)
  2816430 - ETPRO TROJAN MoBi RAT CnC Checkin 3 (trojan.rules)
  2816431 - ETPRO TROJAN MoBi RAT CnC Checkin 4 (trojan.rules)
  2816432 - ETPRO TROJAN Win32/Kaicone.B Checkin 3 (trojan.rules)
  2816433 - ETPRO MOBILE_MALWARE Trojan.Android.AndroRAT.D Checkin (mobile_malware.rules)
  2816434 - ETPRO TROJAN ZeroHTTP Bot CnC Checkin (trojan.rules)
  2816435 - ETPRO TROJAN ZeroHTTP Bot CnC Beacon (trojan.rules)
  2816436 - ETPRO TROJAN W32/Unknown Banker Checkin Via Mysql (trojan.rules)
  2816437 - ETPRO TROJAN PoisonIvy Keepalive to CnC 306 (trojan.rules)
  2816438 - ETPRO CURRENT_EVENTS Possible Evil Redirector Leading to EK EITest Feb 29 (current_events.rules)
  2816439 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 29 2016 (Evil Keitaro FB Set) (current_events.rules)
  2816440 - ETPRO TROJAN Unknown Bot CnC Checkin (trojan.rules)
  2816441 - ETPRO TROJAN MSIL/Datsup.A Activity (trojan.rules)


 [///]     Modified active rules:     [///]


  2811887 - ETPRO TROJAN Python/Peppy RAT Connectivity Check to C2 (trojan.rules)
  2811888 - ETPRO TROJAN Python/Peppy RAT Checkin (trojan.rules)
  2814262 - ETPRO TROJAN MSIL/Crimson CnC Client Command (update) (trojan.rules)
  2814263 - ETPRO TROJAN MSIL/Crimson CnC Server Command (info) (trojan.rules)
  2814264 - ETPRO TROJAN MSIL/Crimson CnC Client Response (info) (trojan.rules)
  2815639 - ETPRO CURRENT_EVENTS USPS Phishing Landing Jan 6 (current_events.rules)
  2815778 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
  2815780 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
  2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 (current_events.rules)
  2816276 - ETPRO TROJAN MSIL/Crimson CnC Client Command (update client) (trojan.rules)
  2816277 - ETPRO TROJAN MSIL/Crimson Receiving Command (dirs list) (trojan.rules)
  2816278 - ETPRO TROJAN MSIL/Crimson Receiving Command (folders list) (trojan.rules)
  2816279 - ETPRO TROJAN MSIL/Crimson Receiving Command (files list) (trojan.rules)
  2816280 - ETPRO TROJAN MSIL/Crimson Receiving Command (ping) (trojan.rules)
  2816403 - ETPRO TROJAN Win32/Evotob.B Variant Checkin Response (trojan.rules)


 [---]         Removed rules:         [---]

  2815779 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 14 (current_events.rules)

