[Emerging-updates] Daily Ruleset Update Summary 2016/05/05

Francis Trudeau ftrudeau at emergingthreats.net
Thu May 5 18:25:18 EDT 2016


 [***] Summary: [***]

 2 new Open signatures, 19 new Pro (2 + 17).  Magnitude EK, Rexpot, Quakbot.

 Thanks:  @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2022795 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules)
  2022796 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (trojan.rules)

 Pro:

  2820063 - ETPRO CURRENT_EVENTS Magnitude EK Payload May 04 2016 (current_events.rules)
  2820064 - ETPRO TROJAN Backdoor.Absolute Eye CnC Info Request (trojan.rules)
  2820065 - ETPRO TROJAN Backdoor.Absolute Eye Activity (trojan.rules)
  2820066 - ETPRO TROJAN W32/Wizz CnC SSL Cert (trojan.rules)
  2820067 - ETPRO TROJAN W32/Wizz Checkin (trojan.rules)
  2820068 - ETPRO CURRENT_EVENTS Magnitude EK Secondary Landing May 04 2016 (current_events.rules)
  2820069 - ETPRO TROJAN Encryptor Raas .onion Proxy Domain (trojan.rules)
  2820070 - ETPRO TROJAN PoisonIvy Keepalive to CnC 328 (trojan.rules)
  2820071 - ETPRO TROJAN PoisonIvy Keepalive to CnC 329 (trojan.rules)
  2820072 - ETPRO TROJAN Trojan-PSW.Win32.KeyLogger.j CnC Beacon (trojan.rules)
  2820073 - ETPRO TROJAN Win32/Upgilf CnC Beacon (trojan.rules)
  2820074 - ETPRO TROJAN NanoCore RAT CnC 9 (trojan.rules)
  2820075 - ETPRO TROJAN Win32/Spy.Agent.OQX CnC Beacon (trojan.rules)
  2820076 - ETPRO TROJAN Win32/Winlocker Ransomware Conn Check (trojan.rules)
  2820077 - ETPRO TROJAN APT.Rexpot Variant CnC Beacon 4 (trojan.rules)
  2820078 - ETPRO TROJAN APT.Rexpot Variant CnC Beacon 5 (trojan.rules)
  2820080 - ETPRO TROJAN Possible APT.Rexpot Variant User-Agent (trojan.rules)


 [///]     Modified active rules:     [///]

  2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
  2022627 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2819978 - ETPRO TROJAN Tordal/Hancitor/Chanitor (trojan.rules)