[Emerging-updates] Daily Ruleset Update Summary 2016/01/04

Francis Trudeau ftrudeau at emergingthreats.net
Mon Jan 4 19:13:49 EST 2016


 [***] Summary: [***]

 4 new Open signatures, 22 new Pro (4 + 18).  BlackEnergy, Zbot, MoBi RAT, Cl0wnbot.

 Thanks:  Pietro Delsante, @rmkml and @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2022327 - ET TROJAN BlackEnergy SSL Cert (trojan.rules)
  2022328 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
  2022329 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
  2022330 - ET TROJAN NanoLocker Check-in (ICMP) M2 (trojan.rules)

 Pro:

  2815567 - ETPRO MALWARE PUA.KUWO Checkin (malware.rules)
  2815568 - ETPRO TROJAN Terse HTTP 1.0 Request Possible Nivdort (trojan.rules)
  2815569 - ETPRO TROJAN Trojan.Win32.Generic .onion Proxy Domain (trojan.rules)
  2815570 - ETPRO TROJAN Win32/SpY-Agent.Pavica.W Checkin (trojan.rules)
  2815571 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Jan 04 2015 (current_events.rules)
  2815572 - ETPRO TROJAN Win32.SpywareLyndra.jh Checkin (trojan.rules)
  2815573 - ETPRO TROJAN StormDDOS/Jukbot Checkin (trojan.rules)
  2815574 - ETPRO TROJAN Zbot .onion Proxy Domain (trojan.rules)
  2815575 - ETPRO TROJAN Like4uBot Checkin (trojan.rules)
  2815576 - ETPRO TROJAN Win32/Comroki SSL Cert (trojan.rules)
  2815577 - ETPRO TROJAN Touasper SSL Cert (trojan.rules)
  2815578 - ETPRO TROJAN Unknown Ransomware .onion Proxy Domain (trojan.rules)
  2815579 - ETPRO TROJAN Possible NanoLocker Connectivity Check (trojan.rules)
  2815581 - ETPRO TROJAN MoBi RAT CnC Response 1 (trojan.rules)
  2815582 - ETPRO TROJAN MoBi RAT CnC Checkin 2 (trojan.rules)
  2815583 - ETPRO TROJAN MoBi RAT CnC Response 2 (trojan.rules)
  2815584 - ETPRO TROJAN MoBi RAT CnC Checkin (trojan.rules)
  2815585 - ETPRO TROJAN Win32.Cl0wnbot Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2017707 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 4 (trojan.rules)
  2021624 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (BlackEnergy CnC) (trojan.rules)
  2814067 - ETPRO TROJAN Backdoor.Win32.Fonten/BlackEnergy CnC Beacon (trojan.rules)
  2815563 - ETPRO CURRENT_EVENTS Base64 Javascript URL Refresh - Common Phish Landing Obfuscation Dec 31 (current_events.rules)


 [---]         Disabled rules:        [---]

  2022325 - ET POLICY SSHv2 Server KEX Detected within Banner on Expected Port (policy.rules)
  2022326 - ET POLICY SSHv2 Server KEX Detected within Banner on Unusual Port (policy.rules)


 [---]         Removed rules:         [---]

  2022324 - ET TROJAN Malicious SSL certificate detected (Possible Sinkhole) (trojan.rules)
  2809186 - ETPRO TROJAN PUA.KwMusic Checkin (trojan.rules)

