[Emerging-updates] Daily Ruleset Update Summary 2016/01/15

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Jan 15 17:42:13 EST 2016


 [***]          Summary:              [***]

 17 new Pro rules. Qadars, Banload, SSL Evil Redirectors, Various Phish etc.

 [+++]          Added rules:          [+++]

  2815793 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.EN Checkin 2 (mobile_malware.rules)
  2815794 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup (current_events.rules)
  2815795 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup (current_events.rules)
  2815796 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup (current_events.rules)
  2815797 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup (current_events.rules)
  2815798 - ETPRO CURRENT_EVENTS Possible EK Redir SSL Cert (current_events.rules)
  2815799 - ETPRO CURRENT_EVENTS IRS Phishing Landing Jan 15 (current_events.rules)
  2815800 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 15 (current_events.rules)
  2815801 - ETPRO CURRENT_EVENTS Successful Formbuddy Credential Phish Submission Jan 15 (current_events.rules)
  2815802 - ETPRO CURRENT_EVENTS Webmail Update Phishing Landing Jan 15 (current_events.rules)
  2815803 - ETPRO TROJAN Win32/Banload Variant CnC Checkin (trojan.rules)
  2815811 - ETPRO TROJAN Qadars CnC SSL Cert (trojan.rules)
  2815812 - ETPRO TROJAN Qadars CnC SSL Cert (trojan.rules)
  2815813 - ETPRO TROJAN Qadars CnC SSL Cert (trojan.rules)
  2815814 - ETPRO TROJAN Qadars Injects SSL Cert (trojan.rules)
  2815815 - ETPRO CURRENT_EVENTS Observed Malvertising Domain DNS Request (markets.mediasoftmac.com) (current_events.rules)
  2815816 - ETPRO CURRENT_EVENTS Observed Malvertising Domain DNS Request (advertising.northside-market.com) (current_events.rules)


 [///]     Modified active rules:     [///]

  Open:
  2018358 - ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 (info.rules)
  2019780 - ET TROJAN W32/CloudScout CnC Beacon (trojan.rules)
  2022370 - ET EXPLOIT Possible CVE-2016-0777 Client Sent Roaming Resume Request (exploit.rules)

  Pro:
  2812465 - ETPRO USER_AGENTS Suspicious User-Agent (User-Agent) (user_agents.rules)
  2814577 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 1 (dns.rules)


 [---]         Removed rules:         [---]

  2815757 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 12 M1 (current_events.rules)
  2815758 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 12 M2 (current_events.rules)
  2815759 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 12 M3 (current_events.rules)
  2815760 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 12 M4 (current_events.rules)
  2815761 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 12 M5 (current_events.rules)
  2815762 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 12 M6 (current_events.rules)
  2815763 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 12 M7 (current_events.rules)
  2815764 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 12 M8 (current_events.rules)
  2815765 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 12 M9 (current_events.rules)