[Emerging-updates] Daily Ruleset Update Summary 2016/01/11

Francis Trudeau ftrudeau at emergingthreats.net
Mon Jan 11 18:30:40 EST 2016


 [***] Summary: [***]

 4 new Open signatures, 23 new Pro (4 + 19).  Dridex, FrauDrop,
Bladabindi/njRAT.

 Thanks:  Tom Kreiner, JeffH, @foxit, @Briz0lator, and @MalwareMustDie.

 [+++]          Added rules:          [+++]

 Open:

  2022348 - ET WEB_SERVER WEBSHELL JSP/Backdoor Shell Access (web_server.rules)
  2022349 - ET CURRENT_EVENTS CoinMiner Malicious Authline Seen in JAR Backdoor (current_events.rules)
  2022350 - ET WEB_SPECIFIC_APPS Invalid/Suspicious User-Agent (PHP) (web_specific_apps.rules)
  2022351 - ET POLICY External IP Lookup - ipecho.net (policy.rules)

 Pro:

  2814604 - ETPRO MALWARE Win32/Dorv.A CnC Beacon (malware.rules)
  2815443 - ETPRO MALWARE Win32/Dorv.A Checkin 2 (malware.rules)
  2815682 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FT Checkin (mobile_malware.rules)
  2815683 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FT Checkin 2 (mobile_malware.rules)
  2815684 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FT Checkin 3 (mobile_malware.rules)
  2815685 - ETPRO TROJAN Malicious SSL certificate detected (KINS CnC) (trojan.rules)
  2815686 - ETPRO TROJAN Malicious SSL certificate detected (KINS CnC) (trojan.rules)
  2815687 - ETPRO CURRENT_EVENTS DRIVEBY Possible Status Report M1 (current_events.rules)
  2815693 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815694 - ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Keepalive Response (trojan.rules)
  2815695 - ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Keepalive (trojan.rules)
  2815696 - ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Beacon (trojan.rules)
  2815697 - ETPRO TROJAN Bladabindi/njRAT CnC Response (trojan.rules)
  2815698 - ETPRO POLICY OpenDNS DNSCrypt (policy.rules)
  2815699 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Jan 8 (current_events.rules)
  2815700 - ETPRO CURRENT_EVENTS Adobe Phishing Landing Jan 8 (current_events.rules)
  2815701 - ETPRO CURRENT_EVENTS Successful Adobe Phish Jan 8 (current_events.rules)
  2815702 - ETPRO CURRENT_EVENTS Successful Adobe Phish Jan 8 (current_events.rules)
  2815703 - ETPRO TROJAN Maldoc Downloader SSL Cert Jan 08 (trojan.rules)


 [///]     Modified active rules:     [///]

  2013031 - ET POLICY Python-urllib/ Suspicious User Agent (policy.rules)
  2810703 - ETPRO TROJAN MSIL/Golroted.B or HawkEye External IP Check with minimal headers (trojan.rules)
  2814067 - ETPRO TROJAN Backdoor.Win32.Fonten/BlackEnergy CnC Beacon (trojan.rules)
  2815124 - ETPRO TROJAN Trojan.Crypt.Delf.X Upload (trojan.rules)


 [---]         Removed rules:         [---]

  2807593 - ETPRO MALWARE Adware.Downware.918 Checkin (malware.rules)
  2811470 - ETPRO TROJAN Kazy Variant CnC traffic (trojan.rules)
  2814604 - ETPRO TROJAN Win32/Dorv.A CnC Beacon (trojan.rules)
  2815443 - ETPRO TROJAN Win32/Dorv.A Checkin 2 (trojan.rules)

