[Emerging-updates] Daily Ruleset Update Summary 2016/05/18

Francis Trudeau ftrudeau at emergingthreats.net
Wed May 18 16:58:54 EDT 2016


 [***] Summary: [***]

 12 new Open signatures, 24 new Pro (12 + 12).  Locky, CVE-2016-1287, Gozi.

 Thanks:  @C4RR41G.

 [+++]          Added rules:          [+++]

 Open:

  2022817 - ET TROJAN Ransomware Locky .onion Payment Domain (eqrvbczir5ua2emd) (trojan.rules)
  2022818 - ET TROJAN Generic gate[.].php GET with minimal headers (trojan.rules)
  2022819 - ET ATTACK_RESPONSE Possible CVE-2016-1287 Inbound Reverse CLI Shellcode (attack_response.rules)
  2022820 - ET EXPLOIT CVE-2016-1287 Public Exploit ShellCode (exploit.rules)
  2022821 - ET MALWARE InstallCore PUA/Adware Activity M1 (malware.rules)
  2022822 - ET MALWARE InstallCore PUA/Adware Activity M2 (malware.rules)
  2022823 - ET MALWARE InstallCore PUA/Adware Activity M3 (malware.rules)
  2022824 - ET MALWARE InstallCore PUA/Adware Activity M4 (malware.rules)
  2022825 - ET MALWARE Toolbar User-Agent (BrandThunderHelper) (malware.rules)
  2022826 - ET MALWARE W32/Toolbar.WIDGI User-Agent (WidgiToolbar-) (malware.rules)
  2022827 - ET MALWARE PUP/DriverRestore Sending System Information to Affiliate (malware.rules)
  2022828 - ET MALWARE PCAcceleratePro PUA/Adware User-Agent (malware.rules)

 Pro:

  2820261 - ETPRO CURRENT_EVENTS Successful Sign PDF Phish May 18 (current_events.rules)
  2820262 - ETPRO CURRENT_EVENTS Successful Facebook Phish May 18 (current_events.rules)
  2820263 - ETPRO TROJAN Gozi ISFB CnC Checkin (trojan.rules)
  2820264 - ETPRO TROJAN PoisonIvy Keepalive to CnC 368 (trojan.rules)
  2820265 - ETPRO TROJAN PoisonIvy Keepalive to CnC 369 (trojan.rules)
  2820266 - ETPRO WEB_CLIENT Microsoft Rich Text File download with embedded Flash File Uncompressed (web_client.rules)
  2820267 - ETPRO WEB_CLIENT Microsoft Rich Text File download with embedded Flash File Compressed (web_client.rules)
  2820268 - ETPRO POLICY DNS Query to .onion proxy Domain (kipfgs65s.com) (policy.rules)
  2820269 - ETPRO POLICY DNS Query to .onion proxy Domain (fastpaybtc.com) (policy.rules)
  2820270 - ETPRO TROJAN Win32.Floxif.A Checkin (trojan.rules)
  2820271 - ETPRO TROJAN Possible Banking Injects JS Inbound (trojan.rules)
  2820272 - ETPRO WEB_CLIENT Microsoft Rich Text File download with embedded Flash File Possible (CVE-2016-4117) (web_client.rules)


 [///]     Modified active rules:     [///]

  2022736 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (trojan.rules)
  2820257 - ETPRO MOBILE_MALWARE TTrojan-FakeAV.AndroidOS.Balsec.a Downloading APK (mobile_malware.rules)