[Emerging-updates] Daily Ruleset Update Summary 2016/01/25

Francis Trudeau ftrudeau at emergingthreats.net
Mon Jan 25 18:44:02 EST 2016


 [***] Summary: [***]

 3 new Open signatures, 29 new Pro (3 + 26).  LeChiffre, XpertRAT, Nymaim.

 Thanks:  @a_de_pasquale.

 [+++]          Added rules:          [+++]

  2022405 - ET POLICY External IP Lookup - meuip.net.br (policy.rules)
  2022406 - ET TROJAN LeChiffre Ransomware CnC (trojan.rules)
  2022407 - ET TROJAN Win32/Kaicone.A Checkin via HTTP POST (trojan.rules)

 Pro:

  2815933 - ETPRO CURRENT_EVENTS Canada Revenue Agency Phishing Landing Jan 22 (current_events.rules)
  2815934 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Checkin 6 (mobile_malware.rules)
  2815935 - ETPRO TROJAN XpertRAT Initial CnC Beacon (trojan.rules)
  2815936 - ETPRO TROJAN XpertRAT CnC Checkin (trojan.rules)
  2815937 - ETPRO TROJAN XpertRAT CnC Response (trojan.rules)
  2815938 - ETPRO TROJAN Win32.Banbra.bkbw Checkin (trojan.rules)
  2815939 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-01-25 1) (trojan.rules)
  2815940 - ETPRO TROJAN Bitcoin miner known malicious basic auth (YXZhbmRhMTEyMS5sZWdpb246c2tham5lb3M=) (trojan.rules)
  2815941 - ETPRO TROJAN Bitcoin miner known malicious basic auth (a2FycG90a2luQGdtYWlsLmNvbTp4ZjN6NTRkbGM=) (trojan.rules)
  2815942 - ETPRO TROJAN W32/Nymaim Checkin 3 (trojan.rules)
  2815943 - ETPRO TROJAN Win32/Toga!rfn Checkin (trojan.rules)
  2815944 - ETPRO TROJAN LDPinch Checkin HTTP Post 2 (trojan.rules)
  2815945 - ETPRO TROJAN Observed Malvertising Domain SSL Cert (trojan.rules)
  2815946 - ETPRO TROJAN PoisonIvy Keepalive to CnC 288 (trojan.rules)
  2815947 - ETPRO TROJAN PoisonIvy Keepalive to CnC 289 (trojan.rules)
  2815948 - ETPRO CURRENT_EVENTS Successful Resona Bank Phish Jan 25 (current_events.rules)
  2815949 - ETPRO CURRENT_EVENTS Successful Workspace Phish Jan 25 (current_events.rules)
  2815950 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish Jan 25 M1 (current_events.rules)
  2815951 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish Jan 25 M2 (current_events.rules)
  2815952 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish Jan 25 M3 (current_events.rules)
  2815953 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me (set) Jan 26 (current_events.rules)
  2815954 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me Jan 25 M1 (current_events.rules)
  2815955 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me Jan 25 M2 (current_events.rules)
  2815956 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me Jan 25 M3 (current_events.rules)
  2815957 - ETPRO CURRENT_EVENTS Possible Successful Phish via Sitey.me Jan 26 (current_events.rules)
  2815958 - ETPRO MALWARE Win32/Adload.NPR Checkin (malware.rules)


 [///]     Modified active rules:     [///]

  2021813 - ET TROJAN Ursnif Variant CnC Beacon (trojan.rules)
  2022401 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 104 (trojan.rules)
  2807561 - ETPRO TROJAN Bunitu Covert Channel port 53 (trojan.rules)
  2815853 - ETPRO CURRENT_EVENTS Successful Credential Phish via FormLogix Jan 19 (current_events.rules)
  2815863 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.dy Checkin 2 (mobile_malware.rules)

