[Emerging-updates] Daily Ruleset Update Summary 2016/11/03

Francis Trudeau ftrudeau at emergingthreats.net
Thu Nov 3 17:28:42 EDT 2016


 [***] Summary: [***]

 2 new Open signatures, 19 new Pro (2 + 17).  EITest, Cerber, CryptoRoger, Locky.

 Thanks:  Kevin Ross.

 [+++]          Added rules:          [+++]

 Open:

  2023482 - ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016 M2 (current_events.rules)
  2023483 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Sending Credit Card Info (mobile_malware.rules)

 Pro:

  2823076 - ETPRO TROJAN MSIL/CryptoRoger Ransomware CnC Checkin (trojan.rules)
  2823077 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Flash Exploit (current_events.rules)
  2823080 - ETPRO TROJAN DNS Query to Cerber Domain (j8873f . bid) (trojan.rules)
  2823081 - ETPRO TROJAN DNS Query to Cerber Domain (rg51ik . bid) (trojan.rules)
  2823082 - ETPRO TROJAN DNS Query to Cerber Domain (eventsresg . info) (trojan.rules)
  2823083 - ETPRO TROJAN DNS Query to Cerber Domain (hossy5 . bid) (trojan.rules)
  2823084 - ETPRO TROJAN DNS Query to Cerber Domain (31wkhu . top) (trojan.rules)
  2823085 - ETPRO TROJAN DNS Query to Cerber Domain (gi49w8 . bid) (trojan.rules)
  2823086 - ETPRO TROJAN DNS Query to Cerber Domain (7iups0 . top) (trojan.rules)
  2823087 - ETPRO TROJAN DNS Query to Cerber Domain (pbpju9 . bid) (trojan.rules)
  2823088 - ETPRO TROJAN DNS Query to Cerber Domain (r21wmw . top) (trojan.rules)
  2823089 - ETPRO TROJAN DNS Query to Cerber Domain (dks71o . bid) (trojan.rules)
  2823092 - ETPRO MALWARE Win32/CainCleaner.D CnC (malware.rules)
  2823093 - ETPRO MALWARE Win32/CainCleaner.D CnC (malware.rules)
  2823094 - ETPRO TROJAN Ransomware Locky .onion Payment Domain (mwddgguaa5rj7b54) (trojan.rules)
  2823097 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2016-11-03 1) (trojan.rules)
  2823098 - ETPRO TROJAN MSIL/Unknown.Keylogger.BRM CnC Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2021382 - ET TROJAN Zberp/ZeusVM receiving config via image file (steganography) (trojan.rules)
  2021383 - ET TROJAN Zberp/ZeusVM receiving config via image file (steganography) 2 (trojan.rules)
  2021527 - ET TROJAN Zberp/ZeusVM receiving config via image file (steganography) 3 (trojan.rules)
  2023429 - ET TROJAN Houdini/Hworm CnC Checkin M1 (trojan.rules)
  2820455 - ETPRO TROJAN Houdini/Hworm CnC Checkin M2 (trojan.rules)

