[Emerging-updates] Daily Ruleset Update Summary 2016/01/22

Francis Trudeau ftrudeau at emergingthreats.net
Fri Jan 22 19:12:37 EST 2016


 [***] Summary: [***]

 4 new Open signatures, 47 new Pro.  7ev3n Ransomware, PoisonIvy,
VARIOUS PHISHING.

 Thanks:  @abuse_ch.

 [+++]          Added rules:          [+++]

  2022401 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 104 (trojan.rules)
  2022402 - ET TROJAN Win32/7ev3n Ransomware Initial Checkin (trojan.rules)
  2022403 - ET TROJAN Win32/7ev3n Ransomware Process Checkin (trojan.rules)
  2022404 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (trojan.rules)


  2815889 - ETPRO TROJAN Backdoor.Jolob CnC Beacon (trojan.rules)
  2815890 - ETPRO TROJAN Win32/Unknown.DDoS Checkin (trojan.rules)
  2815891 - ETPRO CURRENT_EVENTS Phishing Landing via Ezweb123.com Jan 22 (current_events.rules)
  2815892 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com (set) Jan 22 (current_events.rules)
  2815893 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 22 M1 (current_events.rules)
  2815894 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 22 M2 (current_events.rules)
  2815895 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 22 M3 (current_events.rules)
  2815896 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com (set) Jan 22 (current_events.rules)
  2815897 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 22 M1 (current_events.rules)
  2815898 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 22 M2 (current_events.rules)
  2815899 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 22 M3 (current_events.rules)
  2815900 - ETPRO CURRENT_EVENTS Phishing Landing via MoonFruit.com (set) Jan 22 (current_events.rules)
  2815901 - ETPRO CURRENT_EVENTS Phishing Landing via MoonFruit.com Jan 22 M1 (current_events.rules)
  2815902 - ETPRO CURRENT_EVENTS Phishing Landing via MoonFruit.com Jan 22 M2 (current_events.rules)
  2815903 - ETPRO CURRENT_EVENTS Phishing Landing via MoonFruit.com Jan 22 M3 (current_events.rules)
  2815904 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk (set) Jan 22 (current_events.rules)
  2815905 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22 M1 (current_events.rules)
  2815906 - ETPRO MALWARE Win32/PCCleanerPro PUP Install Checkin (malware.rules)
  2815907 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22 M2 (current_events.rules)
  2815908 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22 M3 (current_events.rules)
  2815909 - ETPRO TROJAN Win32/Unknown CnC Checkin (trojan.rules)
  2815910 - ETPRO TROJAN Win32/LockScreen CnC HTTP Pattern (trojan.rules)
  2815911 - ETPRO MOBILE_MALWARE Android/Xippa.A SSL CnC Cert (mobile_malware.rules)
  2815912 - ETPRO TROJAN PoisonIvy Keepalive to CnC 277 (trojan.rules)
  2815913 - ETPRO TROJAN PoisonIvy Keepalive to CnC 278 (trojan.rules)
  2815914 - ETPRO TROJAN PoisonIvy Keepalive to CnC 279 (trojan.rules)
  2815915 - ETPRO TROJAN PoisonIvy Keepalive to CnC 280 (trojan.rules)
  2815916 - ETPRO TROJAN PoisonIvy Keepalive to CnC 281 (trojan.rules)
  2815917 - ETPRO TROJAN PoisonIvy Keepalive to CnC 282 (trojan.rules)
  2815918 - ETPRO TROJAN PoisonIvy Keepalive to CnC 283 (trojan.rules)
  2815919 - ETPRO TROJAN PoisonIvy Keepalive to CnC 284 (trojan.rules)
  2815920 - ETPRO TROJAN PoisonIvy Keepalive to CnC 285 (trojan.rules)
  2815921 - ETPRO TROJAN PoisonIvy Keepalive to CnC 286 (trojan.rules)
  2815922 - ETPRO TROJAN PoisonIvy Keepalive to CnC 287 (trojan.rules)
  2815924 - ETPRO TROJAN Win32/Banbra Variant Checkin (trojan.rules)
  2815925 - ETPRO CURRENT_EVENTS Successful IRS Phish (set) Jan 22 (current_events.rules)
  2815926 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 22 (current_events.rules)
  2815927 - ETPRO TROJAN Bitcoin miner known malicious basic auth (emVwaHlyLm9pb2lvaW9pb2lvaW9pb2k6TnU3Nzg4MDA=) (trojan.rules)
  2815928 - ETPRO TROJAN Bitcoin miner known malicious basic auth (S2luZ3ouNTp4) (trojan.rules)
  2815929 - ETPRO TROJAN Bitcoin miner known malicious basic auth (bWlrZWouMTp4) (trojan.rules)
  2815930 - ETPRO TROJAN Bitcoin miner known malicious basic auth (bWl5YXlpLjE6eA==) (trojan.rules)
  2815931 - ETPRO TROJAN Bitcoin miner known malicious basic auth (ZG9jLjE6MTIzNDU2) (trojan.rules)
  2815932 - ETPRO TROJAN Bitcoin miner known malicious basic auth (UjQ3SUs0TC4xOng=) (trojan.rules)


 [///]     Modified active rules:     [///]

  2019780 - ET TROJAN W32/CloudScout CnC Beacon (trojan.rules)
  2815667 - ETPRO CURRENT_EVENTS Ezweb123 Phishing (set) Jan 8 (current_events.rules)
  2815668 - ETPRO CURRENT_EVENTS Ezweb123.com Phishing Landing Jan 8 (current_events.rules)
  2815698 - ETPRO POLICY OpenDNS DNSCrypt (policy.rules)
  2815766 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Dec 13 2015 (current_events.rules)
  2815830 - ETPRO CURRENT_EVENTS Ezweb123.com Phishing Landing Jan 15 (current_events.rules)

