[Emerging-updates] Daily Ruleset Update Summary 2016/05/25

Francis Trudeau ftrudeau at emergingthreats.net
Wed May 25 17:43:14 EDT 2016


 [***] Summary: [***]

 3 new Open signatures, 16 new Pro (3 + 13).  CryptXXX, VARIOUS PHISHING.

 [+++]          Added rules:          [+++]

 Open:

  2022838 - ET TROJAN Possible CryptXXX Ransomware Renaming Encrypted File SMB v1 Unicode (trojan.rules)
  2022839 - ET TROJAN Possible CryptXXX Ransomware Renaming Encrypted File SMB v1 ASCII (trojan.rules)
  2022840 - ET TROJAN Possible CryptXXX Ransomware Renaming Encrypted File SMB v2 (trojan.rules)

 Pro:

  2820344 - ETPRO TROJAN PowerShell/Agent.B Checkin to Tor Domain (trojan.rules)
  2820345 - ETPRO TROJAN PowerShell/Agent.B .onion Domain (4nzchpngrtdhn27u) (trojan.rules)
  2820346 - ETPRO TROJAN PowerShell/Agent.B .onion Domain (jj6yu3vr5chfxnyc) (trojan.rules)
  2820347 - ETPRO TROJAN PowerShell/Agent.B .onion Domain (27vmq54zu46vmiel) (trojan.rules)
  2820348 - ETPRO TROJAN PowerShell/Agent.B .onion Domain (6h5junbsz6gfssha) (trojan.rules)
  2820349 - ETPRO TROJAN APT.Danti Variant CnC Beacon (trojan.rules)
  2820350 - ETPRO CURRENT_EVENTS Suspicious Redirect - Possible Phishing May 25 (current_events.rules)
  2820351 - ETPRO CURRENT_EVENTS Phishing Fake Mailbox Quota Increase Messages May 25 (current_events.rules)
  2820352 - ETPRO CURRENT_EVENTS Excel Phishing Landing Page May 25 (current_events.rules)
  2820353 - ETPRO CURRENT_EVENTS Successful Excel Online Phish May 25 (current_events.rules)
  2820354 - ETPRO CURRENT_EVENTS Suspicious File Download Post-Phishing May 25 (current_events.rules)
  2820355 - ETPRO CURRENT_EVENTS Phishing Fake Document Loading Messages May 25 (current_events.rules)
  2820356 - ETPRO TROJAN PoisonIvy Keepalive to CnC 383 (trojan.rules)


 [///]     Modified active rules:     [///]

  2003927 - ET TROJAN Suspicious User-Agent (HTTPTEST) - Seen used by downloaders (trojan.rules)
  2014103 - ET WEB_SERVER Unusually Fast HTTP Requests With Referer Url Matching DoS Tool (web_server.rules)
  2022834 - ET CURRENT_EVENTS Possible Malicious Macro DL BIN May 2016 (No UA) (current_events.rules)
  2816562 - ETPRO TROJAN Danti Variant CnC Beacon (trojan.rules)
  2819805 - ETPRO TROJAN CryptXXX CnC Beacon (trojan.rules)
  2820198 - ETPRO TROJAN APT.SVCMONDR CnC Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2820179 - ETPRO TROJAN CryptXXX Possible Payment Page (trojan.rules)