[Emerging-updates] Daily Ruleset Update Summary 2016/05/27

Francis Trudeau ftrudeau at emergingthreats.net
Fri May 27 17:32:40 EDT 2016


 [***] Summary: [***]

 1 new Open signature, 11 new Pro.  ReactorBot, RIG EK, Hawkeye Keylogger,
fun, fun, fun, fun.

 [+++]          Added rules:          [+++]

 Open:

  2022841 - ET CURRENT_EVENTS Possible ReactorBot .bin Download (current_events.rules)

 Pro:

  2820374 - ETPRO TROJAN PoisonIvy Keepalive to CnC 388 (trojan.rules)
  2820375 - ETPRO TROJAN PoisonIvy Keepalive to CnC 389 (trojan.rules)
  2820376 - ETPRO TROJAN PoisonIvy Keepalive to CnC 390 (trojan.rules)
  2820377 - ETPRO TROJAN Unknown Loader (dropped by RIG EK) Checkin (trojan.rules)
  2820378 - ETPRO CURRENT_EVENTS Evil Redirector to EK May 27 2016 (current_events.rules)
  2820379 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Guerrilla.g Checkin (mobile_malware.rules)
  2820380 - ETPRO TROJAN APT/ByeByeShell CnC Checkin (trojan.rules)
  2820381 - ETPRO TROJAN Hawkeye Keylogger SMTP Checkin M1 (trojan.rules)
  2820382 - ETPRO TROJAN Hawkeye Keylogger SMTP Checkin M2 (trojan.rules)
  2820383 - ETPRO TROJAN Hawkeye Keylogger SMTP Stolen Credentials (trojan.rules)


 [///]     Modified active rules:     [///]

  2021730 - ET TROJAN Joanap CnC Checkin (trojan.rules)
  2022627 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2820328 - ETPRO TROJAN PowerShell/Agent.A HTTP CnC Beacon (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 (current_events.rules)