[Emerging-updates] Daily Ruleset Update Summary 2016/11/02

Francis Trudeau ftrudeau at emergingthreats.net
Wed Nov 2 16:59:10 EDT 2016


 [***] Summary: [***]

 6 new Open signatures, 21 new Pro (6 + 15).  Linux Moose, Sundown/Xer EK, HadesLocker, NoobCrypt.

 Thanks:  @abuse_ch and @obilodeau from @gosecure_inc

 [+++]          Added rules:          [+++]

 Open:

  2023476 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2023477 - ET TROJAN Moose CnC Request M1 (trojan.rules)
  2023478 - ET TROJAN Moose CnC Response (trojan.rules)
  2023479 - ET TROJAN Moose CnC Request M2 (trojan.rules)
  2023480 - ET CURRENT_EVENTS Sundown/Xer EK Landing Jul 06 2016 M1 (current_events.rules)
  2023481 - ET TROJAN MSIL/HadesLocker Ransomware Checkin (trojan.rules)

 Pro:

  2823058 - ETPRO CURRENT_EVENTS Evil 302 Redirect to RIG-v EK Oct 24 2016 (current_events.rules)
  2823059 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS Nov 01 2016 (current_events.rules)
  2823060 - ETPRO CURRENT_EVENTS MalDoc Retrieving Inbound PowerShell Payload (current_events.rules)
  2823061 - ETPRO TROJAN MSIL.NoobCrypt CnC (trojan.rules)
  2823062 - ETPRO TROJAN DNS Query to Cerber Domain (3do9h1 . bid) (trojan.rules)
  2823063 - ETPRO TROJAN DNS Query to Cerber Domain (whmykv . bid) (trojan.rules)
  2823064 - ETPRO TROJAN DNS Query to Cerber Domain (cc0r87 . bid) (trojan.rules)
  2823065 - ETPRO TROJAN DNS Query to Cerber Domain (4xiiup . bid) (trojan.rules)
  2823066 - ETPRO TROJAN DNS Query to Cerber Domain (wl52rt . bid) (trojan.rules)
  2823067 - ETPRO TROJAN DNS Query to Cerber Domain (x9le66 . top) (trojan.rules)
  2823068 - ETPRO TROJAN DNS Query to Cerber Domain (endsdoubt . loan) (trojan.rules)
  2823069 - ETPRO TROJAN DNS Query to Cerber Domain (childsten . site) (trojan.rules)
  2823070 - ETPRO TROJAN DNS Query to Cerber Domain (myaddress . link) (trojan.rules)
  2823071 - ETPRO TROJAN DNS Query to Cerber Domain (56185u . bid) (trojan.rules)
  2823072 - ETPRO MALWARE Win32/Adware.CloudGuard.D Checkin (malware.rules)


 [///]     Modified active rules:     [///]

  2021203 - ET TROJAN Possible Deep Panda - Sakula/Mivast RAT CnC Beacon 5 (trojan.rules)
  2022535 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2809615 - ETPRO TROJAN Critroni Likely Malicious Tor Proxy Cookie (trojan.rules)
  2816864 - ETPRO TROJAN Locky downloader Mar 28 2016 checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2820987 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing Jul 06 2016 M1 (current_events.rules)
  2822388 - ETPRO TROJAN MSIL/HadesLocker Ransomware Checkin (trojan.rules)
