[Emerging-updates] Daily Ruleset Update Summary 2016/01/26

Francis Trudeau ftrudeau at emergingthreats.net
Tue Jan 26 18:28:14 EST 2016


 [***] Summary: [***]

 3 new Open signatures, 33 new Pro.  Ursnif, Dridex, PoisonIvy.

 Thanks:  Anthony Rodgers and @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2022408 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2022409 - ET CURRENT_EVENTS Fake AV Phone Scam Landing Jan 26 2016 (current_events.rules)
  2022410 - ET CURRENT_EVENTS Chrome Tech Support Scam Landing Jan 26 2016 (current_events.rules)

 Pro:

  2815959 - ETPRO TROJAN APT Related DNS Lookup (PlugX, Gh0st, Bergard) (trojan.rules)
  2815960 - ETPRO MALWARE OSX/Adware.InstallCore Install Activity (malware.rules)
  2815961 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me Jan 26 M2 (current_events.rules)
  2815962 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 26 M2 (current_events.rules)
  2815963 - ETPRO CURRENT_EVENTS Phishing Landing via Moonfruit Jan 26 M2 (current_events.rules)
  2815964 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 26 M2 (current_events.rules)
  2815965 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 26 M2 (current_events.rules)
  2815966 - ETPRO CURRENT_EVENTS Phishing Landing via Ezweb123.com Jan 26 M2 (current_events.rules)
  2815967 - ETPRO CURRENT_EVENTS Successful Jimdo Phishing Jan 26 (current_events.rules)
  2815968 - ETPRO MALWARE Win32.PopAd Variant Checkin (malware.rules)
  2815969 - ETPRO MALWARE OSX/Adware.VSearch.DK Install Activity (malware.rules)
  2815970 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
  2815971 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
  2815972 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815973 - ETPRO TROJAN Win32/Qhost.Banker.PR Checkin 1 (trojan.rules)
  2815974 - ETPRO TROJAN Win32/Qhost.Banker.PR Checkin 2 (trojan.rules)
  2815975 - ETPRO WEB_SPECIFIC_APPS WP Appointment Booking Calendar SQLi Attempt (web_specific_apps.rules)
  2815976 - ETPRO TROJAN CnC SSL Cert (trojan.rules)
  2815977 - ETPRO TROJAN Possible EK Redirector SSL Cert (trojan.rules)
  2815978 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me Jan 26 M1 (current_events.rules)
  2815979 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 26 M1 (current_events.rules)
  2815980 - ETPRO CURRENT_EVENTS Phishing Landing via Moonfruit Jan 26 M1 (current_events.rules)
  2815981 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 26 M1 (current_events.rules)
  2815982 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 26 M1 (current_events.rules)
  2815983 - ETPRO CURRENT_EVENTS Phishing Landing via Ezweb123.com Jan 26 M1 (current_events.rules)
  2815984 - ETPRO TROJAN Malicious SSL certificate detected (Qadars CnC) (trojan.rules)
  2815985 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-01-26 1) (trojan.rules)
  2815986 - ETPRO TROJAN Dridex Fakes/Redirects SSL Cert (trojan.rules)
  2815987 - ETPRO TROJAN PoisonIvy Keepalive to CnC 290 (trojan.rules)
  2815988 - ETPRO WEB_SERVER Possible CVE 2016-0752 Log Tainting Attempt (web_server.rules)


 [///]     Modified active rules:     [///]


  2809397 - ETPRO TROJAN Win32/Spy.Ranbyus.J Checkin (trojan.rules)
  2815897 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 22 M1 (current_events.rules)
  2815905 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22 M1 (current_events.rules)

