[Emerging-updates] Daily Ruleset Update Summary 2016/01/27

Francis Trudeau ftrudeau at emergingthreats.net
Wed Jan 27 18:48:24 EST 2016


 [***] Summary: [***]

 55 Open signatures, 62 Pro (55 + 7).  Scarlet Mimic, Neutrino, Keitaro.

 Thanks:  Jeremy Hedges.

 [+++]          Added rules:          [+++]

 Open:

  2022411 - ET TROJAN Scarlet Mimic DNS Lookup 1 (trojan.rules)
  2022412 - ET TROJAN Scarlet Mimic DNS Lookup 2 (trojan.rules)
  2022413 - ET TROJAN Scarlet Mimic DNS Lookup 3 (trojan.rules)
  2022414 - ET TROJAN Scarlet Mimic DNS Lookup 4 (trojan.rules)
  2022415 - ET TROJAN Scarlet Mimic DNS Lookup 5 (trojan.rules)
  2022416 - ET TROJAN Scarlet Mimic DNS Lookup 6 (trojan.rules)
  2022417 - ET TROJAN Scarlet Mimic DNS Lookup 7 (trojan.rules)
  2022418 - ET TROJAN Scarlet Mimic DNS Lookup 8 (trojan.rules)
  2022419 - ET TROJAN Scarlet Mimic DNS Lookup 9 (trojan.rules)
  2022420 - ET TROJAN Scarlet Mimic DNS Lookup 10 (trojan.rules)
  2022421 - ET TROJAN Scarlet Mimic DNS Lookup 11 (trojan.rules)
  2022422 - ET TROJAN Scarlet Mimic DNS Lookup 12 (trojan.rules)
  2022423 - ET TROJAN Scarlet Mimic DNS Lookup 13 (trojan.rules)
  2022424 - ET TROJAN Scarlet Mimic DNS Lookup 14 (trojan.rules)
  2022425 - ET TROJAN Scarlet Mimic DNS Lookup 15 (trojan.rules)
  2022426 - ET TROJAN Scarlet Mimic DNS Lookup 16 (trojan.rules)
  2022427 - ET TROJAN Scarlet Mimic DNS Lookup 17 (trojan.rules)
  2022428 - ET TROJAN Scarlet Mimic DNS Lookup 18 (trojan.rules)
  2022429 - ET TROJAN Scarlet Mimic DNS Lookup 19 (trojan.rules)
  2022430 - ET TROJAN Scarlet Mimic DNS Lookup 20 (trojan.rules)
  2022431 - ET TROJAN Scarlet Mimic DNS Lookup 21 (trojan.rules)
  2022432 - ET TROJAN Scarlet Mimic DNS Lookup 22 (trojan.rules)
  2022433 - ET TROJAN Scarlet Mimic DNS Lookup 23 (trojan.rules)
  2022434 - ET TROJAN Scarlet Mimic DNS Lookup 24 (trojan.rules)
  2022435 - ET TROJAN Scarlet Mimic DNS Lookup 25 (trojan.rules)
  2022436 - ET TROJAN Scarlet Mimic DNS Lookup 26 (trojan.rules)
  2022437 - ET TROJAN Scarlet Mimic DNS Lookup 27 (trojan.rules)
  2022438 - ET TROJAN Scarlet Mimic DNS Lookup 28 (trojan.rules)
  2022439 - ET TROJAN Scarlet Mimic DNS Lookup 29 (trojan.rules)
  2022440 - ET TROJAN Scarlet Mimic DNS Lookup 30 (trojan.rules)
  2022441 - ET TROJAN Scarlet Mimic DNS Lookup 31 (trojan.rules)
  2022442 - ET TROJAN Scarlet Mimic DNS Lookup 32 (trojan.rules)
  2022443 - ET TROJAN Scarlet Mimic DNS Lookup 33 (trojan.rules)
  2022444 - ET TROJAN Scarlet Mimic DNS Lookup 34 (trojan.rules)
  2022445 - ET TROJAN Scarlet Mimic DNS Lookup 35 (trojan.rules)
  2022446 - ET TROJAN Scarlet Mimic DNS Lookup 36 (trojan.rules)
  2022447 - ET TROJAN Scarlet Mimic DNS Lookup 37 (trojan.rules)
  2022448 - ET TROJAN Scarlet Mimic DNS Lookup 38 (trojan.rules)
  2022449 - ET TROJAN Scarlet Mimic DNS Lookup 39 (trojan.rules)
  2022450 - ET TROJAN Scarlet Mimic DNS Lookup 40 (trojan.rules)
  2022451 - ET TROJAN Scarlet Mimic DNS Lookup 41 (trojan.rules)
  2022452 - ET TROJAN Scarlet Mimic DNS Lookup 42 (trojan.rules)
  2022453 - ET TROJAN Scarlet Mimic DNS Lookup 43 (trojan.rules)
  2022455 - ET TROJAN Scarlet Mimic DNS Lookup 45 (trojan.rules)
  2022456 - ET TROJAN Scarlet Mimic DNS Lookup 46 (trojan.rules)
  2022457 - ET TROJAN Scarlet Mimic DNS Lookup 47 (trojan.rules)
  2022458 - ET TROJAN Scarlet Mimic DNS Lookup 48 (trojan.rules)
  2022459 - ET TROJAN Scarlet Mimic DNS Lookup 49 (trojan.rules)
  2022460 - ET TROJAN Scarlet Mimic DNS Lookup 50 (trojan.rules)
  2022461 - ET TROJAN Scarlet Mimic DNS Lookup 44 (trojan.rules)
  2022462 - ET TROJAN Neutrino Checkin 2 (trojan.rules)
  2022463 - ET TROJAN Neutrino Checkin 3 (trojan.rules)
  2022464 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jan 27 2016 (Evil Keitaro FB Set) (current_events.rules)
  2022465 - ET CURRENT_EVENTS Evil Redirector Leading to EK (Known Evil Keitaro TDS) (current_events.rules)
  2022466 - ET CURRENT_EVENTS Possible Keitaro TDS Redirect (current_events.rules)

 Pro:

  2815989 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
  2815990 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
  2815991 - ETPRO WEB_SERVER Possible Rails Inline ERB in URL (web_server.rules)
  2815993 - ETPRO TROJAN Win32/Jongiti.A Checkin 3 (trojan.rules)
  2815994 - ETPRO TROJAN Unknown/PyInstaller CnC Checkin M1 (trojan.rules)
  2815995 - ETPRO TROJAN Unknown/PyInstaller CnC Checkin M2 (trojan.rules)
  2815996 - ETPRO TROJAN MSIL/Spy.Banker.DJ .onion Proxy Domain (trojan.rules)


 [///]     Modified active rules:     [///]

  2021418 - ET TROJAN Bedep HTTP POST CnC Beacon (trojan.rules)
  2809527 - ETPRO TROJAN Infostealer.Gamania Checkin (trojan.rules)
  2815804 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M1 (current_events.rules)
  2815805 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M2 (current_events.rules)
  2815806 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M3 (current_events.rules)
  2815817 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan 14 M1 (current_events.rules)
  2815818 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan 14 M2 (current_events.rules)
  2815826 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan 14 M3 (current_events.rules)
  2815837 - ETPRO TROJAN Rekaf Checkin (trojan.rules)
  2815838 - ETPRO TROJAN Rekaf CnC Beacon 1 (trojan.rules)
  2815839 - ETPRO TROJAN Rekaf CnC Beacon 2 (trojan.rules)
  2815943 - ETPRO TROJAN Win32/Toga!rfn Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2806562 - ETPRO MALWARE Win32.Airostor.A Checkin (malware.rules)

