[Emerging-updates] Daily Ruleset Update Summary 2016/01/05

Francis Trudeau ftrudeau at emergingthreats.net
Tue Jan 5 18:48:00 EST 2016


 [***] Summary: [***]

 4 new Open signatures, 18 new Pro (4 + 14).  NanoLocker, Cryptojoker, Sacto.

 [+++]          Added rules:          [+++]

 Open:

  2022331 - ET TROJAN NanoLocker Check-in (ICMP) M1 (trojan.rules)
  2022332 - ET POLICY DNS Query to .onion proxy Domain (onion.link) (policy.rules)
  2022333 - ET TROJAN Cryptojoker Checkin (trojan.rules)
  2022334 - ET TROJAN Malicious VBS Downloader fake image zip (trojan.rules)

 Pro:

  2815586 - ETPRO TROJAN Encryptor Raas Unlock Instructions Access (trojan.rules)
  2815587 - ETPRO POLICY DNS Query to .onion proxy Domain (encpayment23.com) (policy.rules)
  2815588 - ETPRO POLICY DNS Query to .onion proxy Domain (expay34.com) (policy.rules)
  2815589 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815590 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815591 - ETPRO CURRENT_EVENTS HTTP Request to Fake Virus Warning (current_events.rules)
  2815592 - ETPRO TROJAN Win32.Rifdoor Checkin (set) (trojan.rules)
  2815593 - ETPRO TROJAN Win32.Rifdoor Checkin (trojan.rules)
  2815594 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Jan 5 (current_events.rules)
  2815595 - ETPRO CURRENT_EVENTS Successful Docusign Phish Jan 5 (current_events.rules)
  2815596 - ETPRO CURRENT_EVENTS Docusign Phish Landing Page Jan 5 (current_events.rules)
  2815597 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish Jan 5 (current_events.rules)
  2815598 - ETPRO TROJAN Win32/Jukbot.B Checkin 14 (trojan.rules)
  2815599 - ETPRO MALWARE Win32/Fourthrem SoftwareBundler Activity (malware.rules)


 [///]     Modified active rules:     [///]

  2014366 - ET TROJAN Suspicious User-Agent Post (trojan.rules)
  2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)
  2021747 - ET TROJAN Backdoor.Win32.Spy.Pavica.O/TVRat Checkin (trojan.rules)
  2807627 - ETPRO TROJAN Backdoor.Win32.Ceckno CnC (OUTBOUND) (trojan.rules)
  2812789 - ETPRO TROJAN Tofsee Spambot Retrieving Config (trojan.rules)
  2815452 - ETPRO CURRENT_EVENTS Angler EK Landing/RIG EK Landing Dec 23 2015 Common Construct (current_events.rules)
  2815475 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Dec 27 2015 M1 (current_events.rules)
  2815476 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Dec 27 2015 M2 (current_events.rules)
  2815477 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Dec 27 2015 M3 (current_events.rules)
  2815478 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Dec 27 2015 M4 (current_events.rules)
  2815479 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Dec 27 2015 M5 (current_events.rules)
  2815480 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Dec 27 2015 M6 (current_events.rules)
  2815481 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Dec 27 2015 M7 (current_events.rules)
  2815482 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Dec 27 2015 M8 (current_events.rules)
  2815483 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI struct Dec 27 2015 M9 (current_events.rules)


 [---]         Removed rules:         [---]

  2815528 - ETPRO TROJAN Win32/SpY-Agent.Pavica.W Checkin (trojan.rules)

