[Emerging-updates] Daily Ruleset Update Summary 2016/05/24

Francis Trudeau ftrudeau at emergingthreats.net
Tue May 24 17:41:57 EDT 2016


 [***] Summary: [***]

 4 new Open signatures, 26 new Pro (4 + 22).  SilentShade, Zyklon, Solcno.

 [+++]          Added rules:          [+++]

 Open:

  2022834 - ET CURRENT_EVENTS Possible Malicious Macro DL BIN May 2016 (No UA) (current_events.rules)
  2022835 - ET TROJAN PowerShell/Agent.A DNS Lookup (go0gIe.com) (trojan.rules)
  2022836 - ET TROJAN PowerShell/Agent.A DNS Checkin (trojan.rules)
  2022837 - ET TROJAN PowerShell/Agent.A DNS File Transfer CnC Beacon (trojan.rules)

 Pro:

  2820322 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.KB Checkin (mobile_malware.rules)
  2820323 - ETPRO TROJAN MSIL/SilentShade Ransomware CnC Checkin (trojan.rules)
  2820324 - ETPRO TROJAN MSIL/SilentShade Ransomware CnC Checkin 2 (trojan.rules)
  2820325 - ETPRO MALWARE Mindspark Adware/PUA User Agent (malware.rules)
  2820326 - ETPRO TROJAN Zyklon Ransomware Checkin (trojan.rules)
  2820327 - ETPRO TROJAN Panda Banker Malicious SSL Certificate Detected (trojan.rules)
  2820328 - ETPRO TROJAN PowerShell/Agent.A HTTP CnC Beacon (trojan.rules)
  2820329 - ETPRO CURRENT_EVENTS Successful Citizenbank Phish May 24 M1 (current_events.rules)
  2820330 - ETPRO CURRENT_EVENTS Successful Citizenbank Phish May 24 M2 (current_events.rules)
  2820331 - ETPRO TROJAN Win32/Solcno.A Retrieving Payload (trojan.rules)
  2820332 - ETPRO CURRENT_EVENTS Tripod/Lycos Spanish Webmail Phishing Landing Page May 24 M1 (current_events.rules)
  2820333 - ETPRO CURRENT_EVENTS Tripod/Lycos Spanish Webmail Phishing Landing Page May 24 M2 (current_events.rules)
  2820334 - ETPRO POLICY Tripod/Lycos Form Submission - Possible Successful Phish (policy.rules)
  2820335 - ETPRO MALWARE MSIL/Adware.JoeDown.A Requesting Download (malware.rules)
  2820336 - ETPRO TROJAN PoisonIvy Keepalive to CnC 377 (trojan.rules)
  2820337 - ETPRO TROJAN PoisonIvy Keepalive to CnC 378 (trojan.rules)
  2820338 - ETPRO TROJAN PoisonIvy Keepalive to CnC 379 (trojan.rules)
  2820339 - ETPRO TROJAN PoisonIvy Keepalive to CnC 380 (trojan.rules)
  2820340 - ETPRO TROJAN PoisonIvy Keepalive to CnC 381 (trojan.rules)
  2820341 - ETPRO TROJAN PoisonIvy Keepalive to CnC 382 (trojan.rules)
  2820342 - ETPRO TROJAN Win32/Banker Checkin 1 (trojan.rules)
  2820343 - ETPRO TROJAN Win32/Banker Checkin 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2019780 - ET MALWARE Win32/CloudScout Checkin (malware.rules)
  2020978 - ET TROJAN DDoS.Win32.Agent.bay Variant Covert Channel (VERSONEX) (trojan.rules)
  2022594 - ET TROJAN Possible Godzilla Loader Base64 Filename (trojan.rules)
  2405001 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
  2405007 - ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules)
  2405019 - ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules)
  2405020 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
  2405021 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules)
  2405022 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules)
  2405023 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules)
  2405024 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules)
  2405025 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules)
  2405026 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules)
  2405027 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules)
  2405028 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules)
  2405029 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules)
  2405031 - ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules)
  2405033 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
  2405039 - ET CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules)
  2405040 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
  2405041 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
  2405042 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
  2405043 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
  2405044 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
  2405045 - ET CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules)
  2405046 - ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules)
  2820260 - ETPRO TROJAN Win32/DMA Locker CnC Checkin (trojan.rules)