[Emerging-updates] Daily Ruleset Update Summary 2016/01/06

Francis Trudeau ftrudeau at emergingthreats.net
Wed Jan 6 21:26:22 EST 2016


 [***] Summary: [***]

 6 new Open signatures, 41 new Pro (6 + 35).  ELF.MrBlack, Dridex, Nitol.K, Darkhotel.

 Thanks:  Kevin Ross and @MalwareMustDie.

 [+++]          Added rules:          [+++]

 Open:

  2022335 - ET TROJAN ELF.MrBlack DOS.TF Malformed Lookup (/lib32/libc.so.6) (trojan.rules)
  2022336 - ET TROJAN ELF.MrBlack DOS.TF Variant (trojan.rules)
  2022337 - ET TROJAN Win32.Nitol.K Variant CnC (trojan.rules)
  2022338 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jan 6th 2016 M1 (current_events.rules)
  2022339 - ET CURRENT_EVENTS Dridex Download 6th Jan 2016 Flowbit (current_events.rules)
  2022340 - ET CURRENT_EVENTS W32/Dridex Binary Download 6th Jan 2016 (current_events.rules)

 Pro:

  2815600 - ETPRO CURRENT_EVENTS DHL Phishing Javascript Jan 5 (current_events.rules)
  2815601 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jan 5 (current_events.rules)
  2815602 - ETPRO TROJAN Win32.Nitol.K Variant Checkin 2 (trojan.rules)
  2815603 - ETPRO TROJAN Win32.Nitol.K Variant Checkin 1 (trojan.rules)
  2815604 - ETPRO TROJAN Inexsmar/Darkhotel Stage1 Checkin (trojan.rules)
  2815605 - ETPRO TROJAN Inexsmar/Darkhotel Stage1 CnC Beacon (trojan.rules)
  2815606 - ETPRO TROJAN Inexsmar/Darkhotel Stage2 Checkin (trojan.rules)
  2815607 - ETPRO TROJAN Inexsmar/Darkhotel Stage2 CnC Beacon (trojan.rules)
  2815608 - ETPRO CURRENT_EVENTS Successful Jimdo Phishing Jan 6 (current_events.rules)
  2815609 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Checkin 5 (mobile_malware.rules)
  2815610 - ETPRO MOBILE_MALWARE Android/SMSreg.LL Checkin (mobile_malware.rules)
  2815611 - ETPRO TROJAN Win32/Jukbot.B Checkin 15 (trojan.rules)
  2815612 - ETPRO MOBILE_MALWARE Android/AdDisplay.Shixot.A Checkin (mobile_malware.rules)
  2815613 - ETPRO MOBILE_MALWARE Android/Adware.AdsWo.A Checkin 2 (mobile_malware.rules)
  2815614 - ETPRO TROJAN APT.T9000 Requesting Payload M1 (trojan.rules)
  2815615 - ETPRO TROJAN APT.T9000 Requesting Payload M2 (trojan.rules)
  2815616 - ETPRO TROJAN Elmer CnC Beacon 1 M2 (trojan.rules)
  2815617 - ETPRO TROJAN Elmer CnC Beacon 2 M3 (trojan.rules)
  2815618 - ETPRO TROJAN Plugx DNS Lookup (trojan.rules)
  2815619 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815620 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815621 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815622 - ETPRO TROJAN Sacto SSL Cert (trojan.rules)
  2815623 - ETPRO TROJAN Win32/Danginex Dorking for Targets (trojan.rules)
  2815624 - ETPRO TROJAN Win32/Danginex Checkin (trojan.rules)
  2815625 - ETPRO TROJAN APT.WinHTTPHelper SSL Cert (trojan.rules)
  2815626 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-01-06 1) (trojan.rules)
  2815627 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-01-06 2) (trojan.rules)
  2815628 - ETPRO TROJAN Bitcoin miner known malicious basic auth (UmVhc2VuLmFuZHJvOmFuZHJv) (trojan.rules)
  2815629 - ETPRO TROJAN Bitcoin miner known malicious basic auth (a2FydGlrYm4xOjk0NDI1MDI4MjE=) (trojan.rules)
  2815630 - ETPRO TROJAN APT.SSLSneak SSL Cert (trojan.rules)
  2815631 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
  2815632 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
  2815633 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
  2815634 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)


 [///]     Modified active rules:     [///]

  2014472 - ET INFO JAVA - Java Archive Download (info.rules)
  2021752 - ET CURRENT_EVENTS SUSPICIOUS Likely Neutrino EK or other EK IE Flash request to DYNDNS set non-standard filename (current_events.rules)
  2022330 - ET TROJAN NanoLocker Check-in (ICMP) M2 (trojan.rules)
  2022331 - ET TROJAN NanoLocker Check-in (ICMP) M1 (trojan.rules)
  2814651 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CT Checkin 2 (mobile_malware.rules)
  2815432 - ETPRO TROJAN Emissary CnC Beacon M2 (trojan.rules)
  2815440 - ETPRO TROJAN Elmer Checkin (trojan.rules)
