[Emerging-updates] Daily Ruleset Update Summary 2016/01/07

Francis Trudeau ftrudeau at emergingthreats.net
Thu Jan 7 21:07:43 EST 2016


 [***] Summary: [***]

 3 new Open signatures, 30 new Pro (3 + 27).  DustySky, Zbot, VARIOUS PHISHING.

 Thanks:  Anthony Rodgers.

 [+++]          Added rules:          [+++]

 Open:

  2022341 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jan 6th 2016 M2 (current_events.rules)
  2022342 - ET POLICY HotSpotShield Activity (policy.rules)
  2022343 - ET TROJAN DustySky Payload Link Request (trojan.rules)

 Pro:

  2815635 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Apofer.a Checkin (mobile_malware.rules)
  2815636 - ETPRO MOBILE_MALWARE Android/Agent.FZ Checkin (mobile_malware.rules)
  2815637 - ETPRO TROJAN Win32/Agent.XOA Checkin (trojan.rules)
  2815638 - ETPRO CURRENT_EVENTS Successful WZ-REKLAMA Phish Jan 6 (current_events.rules)
  2815639 - ETPRO CURRENT_EVENTS USPS Phishing Landing Jan 6 (current_events.rules)
  2815640 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phishing Jan 6 (current_events.rules)
  2815641 - ETPRO MALWARE Win32/ClientConnect.A PUP Checkin (malware.rules)
  2815642 - ETPRO TROJAN Zbot .onion Proxy Domain (trojan.rules)
  2815643 - ETPRO CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Jan 07 2015 (current_events.rules)
  2815644 - ETPRO TROJAN Win32/Jongiti.A Checkin 1 (trojan.rules)
  2815645 - ETPRO TROJAN Win32/Jongiti.A Checkin 2 (trojan.rules)
  2815646 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.D Checkin 2 (mobile_malware.rules)
  2815647 - ETPRO MALWARE PUP.SimplyInstaller Checkin (malware.rules)
  2815648 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fetcha.a Checkin (mobile_malware.rules)
  2815649 - ETPRO CURRENT_EVENTS Wells Fargo Phishing Landing Jan 7 (current_events.rules)
  2815650 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Loading Page Jan 7 (current_events.rules)
  2815651 - ETPRO CURRENT_EVENTS Successful Mailbox Update Phish Jan 7 (current_events.rules)
  2815652 - ETPRO CURRENT_EVENTS Mailbox Update Phish Landing Page Jan 7 (current_events.rules)
  2815653 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.ao Checkin (mobile_malware.rules)
  2815654 - ETPRO TROJAN Win32/Agent.XOA Checkin 2 (trojan.rules)
  2815655 - ETPRO TROJAN Win32/Agent.XOA Checkin 3 (trojan.rules)
  2815656 - ETPRO MOBILE_MALWARE Android.Trojan.AndroRAT.A Checkin (mobile_malware.rules)
  2815657 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Binka.d Checkin (mobile_malware.rules)
  2815658 - ETPRO TROJAN W32.Unknown Checkin (trojan.rules)
  2815659 - ETPRO CURRENT_EVENTS Suspicious Wordpress Redirect - Possible Phishing Landing (set) Jan 7 (current_events.rules)
  2815660 - ETPRO CURRENT_EVENTS Suspicious Wordpress Redirect - Possible Phishing Landing Jan 7 (current_events.rules)
  2815661 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2010066 - ET POLICY Data POST to an image file (gif) (policy.rules)
  2013193 - ET MOBILE_MALWARE Android.CruseWin Retriving XML File from Hard Coded CnC (mobile_malware.rules)
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2811838 - ETPRO CURRENT_EVENTS Suspicious Terse HTTP Request to Pastebin (current_events.rules)

