[Emerging-updates] Daily Ruleset Update Summary 2016/05/17

Francis Trudeau ftrudeau at emergingthreats.net
Tue May 17 17:27:11 EDT 2016


 [***] Summary: [***]

 6 new Open signatures, 18 new Pro (6 + 12).  PoisonIvy, Ursnif, DMA Locker.

 Thanks:  @C4RR41G and James Lay.

 [+++]          Added rules:          [+++]

 Open

  2022811 - ET TROJAN NOVO_G0LP3 Checkin (trojan.rules)
  2022812 - ET MALWARE Successful QuizScope Installation (malware.rules)
  2022813 - ET MALWARE SearchProtect PUA User-Agent Observed (malware.rules)
  2022814 - ET MALWARE Conduit Trovi Adware/PUA (malware.rules)
  2022815 - ET POLICY Possible SQLi Attempt in User Agent (Outbound) (policy.rules)
  2022816 - ET WEB_SERVER Possible SQLi Attempt in User Agent (Inbound) (web_server.rules)

 Pro:

  2820249 - ETPRO TROJAN Observed Domain SSL Cert (trojan.rules)
  2820250 - ETPRO TROJAN Unknown Checkin (via requestb.in) (trojan.rules)
  2820251 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Altcha.a Checkin (mobile_malware.rules)
  2820252 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.bh Checkin (mobile_malware.rules)
  2820253 - ETPRO TROJAN Unknown Python RAT Checkin (trojan.rules)
  2820254 - ETPRO TROJAN Unknown Python RAT Keepalive (trojan.rules)
  2820255 - ETPRO TROJAN PoisonIvy Keepalive to CnC 367 (trojan.rules)
  2820256 - ETPRO TROJAN Win32.Troj.Cidox Checkin 2 (trojan.rules)
  2820257 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Balsec.a Downloading Config (mobile_malware.rules)
  2820258 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Balsec.a Downloading Config (mobile_malware.rules)
  2820259 - ETPRO TROJAN Ursnif Inject CnC Request 4 (trojan.rules)
  2820260 - ETPRO TROJAN Win32/DMA Locker CnC Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2806258 - ETPRO TROJAN Backdoor/Winnti.l CnC traffic (trojan.rules)
  2820207 - ETPRO MOBILE_MALWARE Android Adware ADAD Client sending phone info (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2019077 - ET CURRENT_EVENTS Possible Upatre SSL Cert venturesonsite.com (current_events.rules)