[Emerging-updates] Daily Ruleset Update Summary 2016/11/01

Francis Trudeau ftrudeau at emergingthreats.net
Tue Nov 1 18:40:38 EDT 2016


 [***] Summary: [***]

 5 new Open signatures, 22 new Pro (5 + 17).  DNSChanger EK, TorrentLocker, Dreambot.

 [+++]          Added rules:          [+++]

 Open:

  2023471 - ET CURRENT_EVENTS Possible Malicious Tor Module Download (current_events.rules)
  2023472 - ET POLICY OpenDNS IP Lookup (policy.rules)
  2023473 - ET CURRENT_EVENTS DNSChanger EK Secondary Landing Oct 31 2016 (current_events.rules)
  2023474 - ET CURRENT_EVENTS Evil Redirector Leading to EK Nov 01 2016 (current_events.rules)
  2023475 - ET MOBILE_MALWARE Adware.Adwo.A (mobile_malware.rules)

 Pro:

  2823041 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 31 2016 (current_events.rules)
  2823042 - ETPRO TROJAN Win32/Unk.Banker.BR Checkin (trojan.rules)
  2823043 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ke Checkin (mobile_malware.rules)
  2823044 - ETPRO TROJAN W32.Unk.Dropper Downloading Binary (trojan.rules)
  2823045 - ETPRO TROJAN Win32.BestaFera Domain in SNI (trojan.rules)
  2823046 - ETPRO TROJAN Malicious SSL Certificate Detected (Dreambot Variant) (trojan.rules)
  2823047 - ETPRO TROJAN DNS Query to Cerber Domain (nxmu0x . bid) (trojan.rules)
  2823048 - ETPRO TROJAN DNS Query to Cerber Domain (5r1sol . bid) (trojan.rules)
  2823049 - ETPRO TROJAN DNS Query to Cerber Domain (8hphyr . top) (trojan.rules)
  2823050 - ETPRO TROJAN DNS Query to Cerber Domain (x43d02 . top) (trojan.rules)
  2823051 - ETPRO TROJAN DNS Query to Cerber Domain (zmr4fn . bid) (trojan.rules)
  2823052 - ETPRO TROJAN DNS Query to Cerber Domain (y5j7e6 . top) (trojan.rules)
  2823053 - ETPRO TROJAN DNS Query to Cerber Domain (packetair . us) (trojan.rules)
  2823054 - ETPRO TROJAN DNS Query to Cerber Domain (boxmodern . date) (trojan.rules)
  2823055 - ETPRO TROJAN DNS Query to Cerber Domain (7asel7 . top) (trojan.rules)
  2823056 - ETPRO TROJAN DNS Query to Cerber Domain (iait3w . bid) (trojan.rules)
  2823057 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2) (trojan.rules)


 [+++]  Enabled and modified rules:   [+++]

  2810099 - ETPRO TROJAN Chthonic CnC Beacon 7 (trojan.rules)


 [///]     Modified active rules:     [///]

  2021918 - ET TROJAN DustySky Checkin (trojan.rules)
  2022535 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2008433 - ET TROJAN Razy Variant Checkin (trojan.rules)
  2010140 - ET P2P Vuze BT UDP Connection (p2p.rules)
  2014198 - ET TROJAN ZeuS - ICE-IX cid= in cookie (trojan.rules)
  2014199 - ET CURRENT_EVENTS Exploit Kit Exploiting IEPeers (current_events.rules)
  2015028 - ET TROJAN Cridex Post to CnC (trojan.rules)
  2020826 - ET CURRENT_EVENTS Potential Dridex.Maldoc Minimal Executable Request (current_events.rules)
  2021918 - ET TROJAN DustySky Checkin (trojan.rules)
  2815653 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.ao Checkin (mobile_malware.rules)
  2816665 - ETPRO TROJAN Win32/TrojanDownloader.Banload.XAK Fake Doc Request Retrieving Payload (trojan.rules)
  2816666 - ETPRO TROJAN Win32/TrojanDownloader.Banload.XAK Downloading PE (trojan.rules)


 [///]    Modified inactive rules:    [///]

  2822537 - ETPRO EXPLOIT Possible Win32k Elevation of Privilege Vulnerability (CVE-2016-7191) (exploit.rules)


 [---]         Removed rules:         [---]

  2020649 - ET CURRENT_EVENTS Possible CryptoWall download from e-mail link March 9 2015 (current_events.rules)

