[Emerging-updates] Daily Ruleset Update Summary 2016/05/09

Francis Trudeau ftrudeau at emergingthreats.net
Mon May 9 17:25:53 EDT 2016


 [***] Summary: [***]

 2 new Open signatures, 15 new Pro (2 + 13).  H1N1 Loader, Cryptolocker,
CryptXXX, Zeus.

 Thanks:  @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2022799 - ET TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
  2022800 - ET TROJAN ABUSE.CH Cryptolocker Payment Page (3qbyaoohkcqkzrz6) (trojan.rules)

 Pro:

  2820095 - ETPRO TROJAN H1N1 Loader CnC Beacon M3 (trojan.rules)
  2820096 - ETPRO TROJAN H1N1 Loader CnC Beacon HTTP Header (trojan.rules)
  2820097 - ETPRO TROJAN CryptXXX 2.06 Checkin (trojan.rules)
  2820098 - ETPRO TROJAN Zeus Variant CnC SSL Cert (trojan.rules)
  2820099 - ETPRO MALWARE Fake Software Update Redirect (malware.rules)
  2820100 - ETPRO POLICY DNS Query to .onion proxy Domain (tormanager.org) (policy.rules)
  2820101 - ETPRO POLICY DNS Query to .onion proxy Domain (balisticoption.com) (policy.rules)
  2820102 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2016-05-09 1) (trojan.rules)
  2820103 - ETPRO TROJAN PoisonIvy Keepalive to CnC 332 (trojan.rules)
  2820104 - ETPRO TROJAN PoisonIvy Keepalive to CnC 333 (trojan.rules)
  2820105 - ETPRO TROJAN PoisonIvy Keepalive to CnC 334 (trojan.rules)
  2820106 - ETPRO TROJAN PoisonIvy Keepalive to CnC 335 (trojan.rules)
  2820107 - ETPRO TROJAN PoisonIvy Keepalive to CnC 336 (trojan.rules)


 [///]     Modified active rules:     [///]

  2013935 - ET TROJAN Win32.Zbot.chas/Unruy.H Covert DNS CnC Channel TXT Response (trojan.rules)