[Emerging-updates] Daily Ruleset Update Summary 2016/1/13

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Jan 14 00:54:06 EST 2016


[***]          Summary:          [***]

5 new Open rules. 13 new Pro (8/5). ELF.STD.ddos, Micrass, Blackmoon,
Ixeshe, Alphacrypt, etc. tks @rmkml, @MalwareMustDie.

[+++]          Added rules:          [+++]

  Open:
  2022364 - ET CURRENT_EVENTS Fake Virus Phone Scam Landing Jan 13 M1 (current_events.rules)
  2022365 - ET CURRENT_EVENTS Fake Virus Phone Scam Landing Jan 13 M2 (current_events.rules)
  2022366 - ET CURRENT_EVENTS Fake Virus Phone Scam Landing Jan 13 M3 (current_events.rules)
  2022367 - ET TROJAN ELF.STD.ddos Checkin (trojan.rules)
  2022368 - ET POLICY External IP Lookup - ip.tyk.nu (policy.rules)

  Pro:
  2815766 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Dec 13 2015 (current_events.rules)
  2815768 - ETPRO TROJAN Trojan.Agent.BPOG Dropping EXE (trojan.rules)
  2815769 - ETPRO TROJAN W32.Blackmoon Uploading Stolen Certificates (trojan.rules)
  2815770 - ETPRO TROJAN Alphacrypt/TeslaCrypt Ransomware CnC Beacon (trojan.rules)
  2815771 - ETPRO TROJAN Ixeshe SSL Cert (trojan.rules)
  2815774 - ETPRO TROJAN Win32/Micrass Checkin (trojan.rules)
  2815775 - ETPRO TROJAN Win32/Micrass.B Checkin (trojan.rules)
  2815776 - ETPRO TROJAN Win32/Micrass.B CnC Beacon (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2014636 - ET TROJAN FakeM RAT CnC Beacon (trojan.rules)
  2020422 - ET MALWARE MultiPlug.J Checkin (malware.rules)
  2022348 - ET WEB_SERVER WEBSHELL JSP/Backdoor Shell Access (web_server.rules)

  Pro:
  2810561 - ETPRO TROJAN Win32/TrojanDownloader.Banload.VKN CnC Beacon (trojan.rules)
  2814897 - ETPRO TROJAN W32.YoungLotus Checkin (trojan.rules)
  2815661 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin (mobile_malware.rules)
  2815676 - ETPRO TROJAN W32.Blackmoon Checkin 2 (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2016807 - ET CURRENT_EVENTS Eval With Base64.decode seen in DOL Watering Hole Attack 05/01/13 (current_events.rules)


 [---]         Removed rules:         [---]

  Open:
  2014842 - ET TROJAN Blackhole Loading Gif Inline Image (trojan.rules)

  Pro:
  2814680 - ETPRO TROJAN AbaddonPOS Exfiltrating CC Numbers 4 (trojan.rules)