[Emerging-updates] Daily Ruleset Update Summary 2016/01/19

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Jan 19 19:08:02 EST 2016


 [***]          Summary:          [***]

 12 new Open rules. 30 new Pro (12/18). PadCrypt, Qadars, Poshcoder, Script
src from Pastebin, etc. Tks Pietro Delsante, @c_APT_ure

 [+++]          Added rules:          [+++]

  Open:
  2022372 - ET CURRENT_EVENTS Chrome Extension Phishing DNS Request (current_events.rules)
  2022373 - ET CURRENT_EVENTS Chrome Extension Phishing HTTP Request (current_events.rules)
  2022374 - ET CURRENT_EVENTS Suspicious LastPass URI Structure - Possible Phishing (current_events.rules)
  2022376 - ET CURRENT_EVENTS Suspicious Script Loaded from Pastebin (current_events.rules)
  2022377 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsip.ru Domain (info.rules)
  2022378 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsip.ru Domain (info.rules)
  2022379 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsip.ru Domain (info.rules)
  2022380 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsip.ru Domain (info.rules)
  2022381 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dnsip.ru Domain (info.rules)
  2022382 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dnsip.ru Domain (info.rules)
  2022383 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dnsip.ru Domain (info.rules)
  2022384 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dnsip.ru Domain (info.rules)

  Pro:
  2815827 - ETPRO TROJAN PadCrypt CnC Checkin (trojan.rules)
  2815828 - ETPRO TROJAN PadCrypt CnC Checkin 2 (trojan.rules)
  2815829 - ETPRO TROJAN Win32.Pincher.vjcnz Checkin (trojan.rules)
  2815830 - ETPRO CURRENT_EVENTS Ezweb123.com Phishing Landing Jan 15 (current_events.rules)
  2815831 - ETPRO CURRENT_EVENTS Form Submission to Ezweb123.com - Possible Successful Phish Jan 15 (current_events.rules)
  2815832 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 15 M1 (current_events.rules)
  2815833 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 15 M2 (current_events.rules)
  2815834 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 15 M3 (current_events.rules)
  2815843 - ETPRO TROJAN Qadars CnC SSL Cert (trojan.rules)
  2815844 - ETPRO TROJAN Qadars CnC SSL Cert (trojan.rules)
  2815845 - ETPRO TROJAN DarkComet RAT Init Connection 10 (trojan.rules)
  2815846 - ETPRO POLICY External IP Lookup dns-free.com (policy.rules)
  2815847 - ETPRO TROJAN Unknown Checkin (trojan.rules)
  2815848 - ETPRO TROJAN Win32/LockScreen CnC Beacon 4 (trojan.rules)
  2815849 - ETPRO TROJAN MegalodonHTTP Traffic to Panel (trojan.rules)
  2815850 - ETPRO MOBILE_MALWARE Android.Trojan.Tefoni.A Checkin (mobile_malware.rules)
  2815851 - ETPRO TROJAN Ransomware/Poshcoder Onion Domain Lookup (trojan.rules)
  2815852 - ETPRO MALWARE Win32/Adware.HPDefender.D Checkin (malware.rules)


 [///]     Modified active rules:     [///]

  Open:
  2022318 - ET TROJAN Zbot download config (trojan.rules)

  Pro:
  2812237 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish July 28 (current_events.rules)
  2815285 - ETPRO TROJAN  Dexter POS CnC Beacon (trojan.rules)


 [---]         Removed rules:         [---]

  2007649 - ET MALWARE Spylog.ru Related Spyware Checkin (malware.rules)