[Emerging-updates] Daily Ruleset Update Summary 2016/05/19

Francis Trudeau ftrudeau at emergingthreats.net
Thu May 19 16:52:09 EDT 2016


 [***] Summary: [***]

 4 new Open signatures, 17 new Pro (4 + 13).  Hidden-Tear, Bayrob, Ixeshe.

 Thanks:  @abuse_ch and @a_de_pasquale.

 [+++]          Added rules:          [+++]

 Open:

  2022829 - ET MALWARE TopTools PUP Install Activity (malware.rules)
  2022830 - ET CURRENT_EVENTS Possible Malicious Macro DL EXE May 2016 (Mozilla compatible) (current_events.rules)
  2022831 - ET TROJAN Hidden-Tear Ransomware Variant (.bloccato) DNS Request to CnC Domain (trojan.rules)
  2022832 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (trojan.rules)

 Pro:

  2820273 - ETPRO TROJAN W32/Bayrob Attempted Checkin (trojan.rules)
  2820274 - ETPRO TROJAN Ixeshe SSL Cert (trojan.rules)
  2820275 - ETPRO TROJAN PoisonIvy Keepalive to CnC 370 (trojan.rules)
  2820276 - ETPRO TROJAN PoisonIvy Keepalive to CnC 371 (trojan.rules)
  2820277 - ETPRO TROJAN PoisonIvy Keepalive to CnC 372 (trojan.rules)
  2820278 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.net) (policy.rules)
  2820279 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.org) (policy.rules)
  2820280 - ETPRO POLICY DNS Query to .onion proxy Domain (torspaces.li) (policy.rules)
  2820281 - ETPRO POLICY DNS Query to .onion proxy Domain (torclever.li) (policy.rules)
  2820282 - ETPRO POLICY DNS Query to .onion proxy Domain (torspeed.li) (policy.rules)
  2820283 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2016-05-19) (trojan.rules)
  2820284 - ETPRO POLICY DNS Query to .onion proxy Domain (easypaybtc.com) (policy.rules)
  2820285 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.az Checkin 3 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2022789 - ET WEB_SERVER ImageMagick CVE-2016-3714 Inbound (mvg) (web_server.rules)
  2022790 - ET WEB_SERVER ImageMagick CVE-2016-3714 Inbound (svg) (web_server.rules)
  2820059 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.az Checkin 2 (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2815135 - ETPRO MALWARE TopTools PUP Install Activity (malware.rules)
  2815164 - ETPRO TROJAN W32/Bayrob Attempted Checkin 1 (trojan.rules)
  2815165 - ETPRO TROJAN W32/Bayrob Attempted Checkin 2 (trojan.rules)
  2815166 - ETPRO TROJAN W32/Bayrob Attempted Checkin 3 (trojan.rules)
  2815167 - ETPRO TROJAN W32/Bayrob Attempted Checkin 4 (trojan.rules)