[Emerging-updates] Daily Ruleset Update Summary 2016/01/14

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Jan 14 20:18:54 EST 2016


 [***]          Summary:          [***]

  2 new Open. 20 new Pro (18/2). CVE-2016-0777, Pivy, Duuzer, etc. tks Jeremy MJ.


 [+++]          Added rules:          [+++]

  Open:
  2022369 - ET EXPLOIT Possible CVE-2016-0777 Server Advertises Suspicious Roaming Support (exploit.rules)
  2022370 - ET EXPLOIT Possible CVE-2016-0777 Client Sent Roaming Resume Request (exploit.rules)

  Pro:
  2022371 - ET P2P MS WUDO Peer Sync (p2p.rules)
  2805265 - ETPRO MALWARE W32/Chistudi Checkin (malware.rules)
  2815777 - ETPRO TROJAN MSIL.Stealer Exfil Credentials via FTP (trojan.rules)
  2815778 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 14 (current_events.rules)
  2815779 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 14 (current_events.rules)
  2815780 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 14 (current_events.rules)
  2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 (current_events.rules)
  2815782 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-01-11 1) (trojan.rules)
  2815783 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-01-11 2) (trojan.rules)
  2815784 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-01-11 3) (trojan.rules)
  2815785 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-01-11 4) (trojan.rules)
  2815786 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-01-11 5) (trojan.rules)
  2815787 - ETPRO TROJAN Bitcoin miner known malicious basic auth (ZHJzcHkwMDdfb20zcjoxMjM0RmFkaQ==) (trojan.rules)
  2815788 - ETPRO TROJAN Bitcoin miner known malicious basic auth (RmFwcGVyX05pZ2dlclNsYXZlOk5pZ2dlclNsYXZlMTAx) (trojan.rules)
  2815789 - ETPRO TROJAN Duuzer Cnc Beacon (trojan.rules)
  2815790 - ETPRO TROJAN PoisonIvy Keepalive to CnC 276 (trojan.rules)
  2815791 - ETPRO TROJAN Unknown RAT CnC Checkin (trojan.rules)
  2815792 - ETPRO TROJAN Unknown RAT CnC Checkin Response (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2000334 - ET P2P BitTorrent peer sync (p2p.rules)
  2018358 - ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 (info.rules)

  Pro:
  2812237 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish July 28 (current_events.rules)
  2815494 - ETPRO CURRENT_EVENTS AES Crypto Observed in Javascript - Possible Phishing Landing Dec 28 M1 (current_events.rules)


 [---]         Removed rules:         [---]

  2805265 - ETPRO TROJAN Win32/FlyStudio Checkin (trojan.rules)