[Emerging-updates] Daily Ruleset Update Summary 2016/11/10

Francis Trudeau ftrudeau at emergingthreats.net
Thu Nov 10 17:42:47 EST 2016


 [***] Summary: [***]

 1 new Open signature, 19 new Pro (1 + 18).  PoisonIvy, Vawtrak,
Cerber, XM1RPC Spam Backdoor.

 Thanks:  @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2023496 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)

 Pro:

  2807926 - ETPRO POLICY Possible UltraVNC Usage Detected (policy.rules)
  2823200 - ETPRO TROJAN PoisonIvy Keepalive to CnC 584 (trojan.rules)
  2823201 - ETPRO TROJAN PoisonIvy Keepalive to CnC 585 (trojan.rules)
  2823202 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI
(Remoto BR CnC) (trojan.rules)
  2823203 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL
CnC Cert (mobile_malware.rules)
  2823204 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL
CnC Cert (mobile_malware.rules)
  2823205 - ETPRO TROJAN DNS Query to Cerber Domain (z6a7f1 . bid)
(trojan.rules)
  2823206 - ETPRO TROJAN DNS Query to Cerber Domain (seemby . loan)
(trojan.rules)
  2823207 - ETPRO TROJAN DNS Query to Cerber Domain (zn90h4 . bid)
(trojan.rules)
  2823208 - ETPRO TROJAN DNS Query to Cerber Domain (csv7o6 . bid)
(trojan.rules)
  2823209 - ETPRO TROJAN DNS Query to Cerber Domain (yjy5dr . bid)
(trojan.rules)
  2823210 - ETPRO TROJAN DNS Query to Cerber Domain (j0n83w . bid)
(trojan.rules)
  2823211 - ETPRO TROJAN DNS Query to Cerber Domain (hlexdu . bid)
(trojan.rules)
  2823212 - ETPRO TROJAN DNS Query to Cerber Domain (n20b1c . top)
(trojan.rules)
  2823213 - ETPRO TROJAN DNS Query to Cerber Domain (7barzc . bid)
(trojan.rules)
  2823214 - ETPRO TROJAN DNS Query to Cerber Domain (aclox4 . bid)
(trojan.rules)
  2823215 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Ledoden.a
Checkin (mobile_malware.rules)
  2823216 - ETPRO WEB_SPECIFIC_APPS XM1RPC Spam Backdoor Access
(web_specific_apps.rules)
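The ten Cerber rules above fire on a DNS query for one of the listed domains (written defanged on this page, e.g. "z6a7f1 . bid"). As an added example, not Emerging Threats' own rule content, the following Python does the equivalent check retrospectively over DNS resolver logs: it refangs the domains exactly as listed above into a watchlist, then matches queried names on label boundaries, so a subdomain of a listed domain is a hit but a look-alike such as "notz6a7f1.bid" is not. The BIND-style query log format and the sample log lines are constructed for the example.

```python
from __future__ import annotations
import re

# Cerber CnC domains exactly as listed (defanged) in the ruleset summary above.
CERBER_DOMAINS_DEFANGED = [
    "z6a7f1 . bid", "seemby . loan", "zn90h4 . bid", "csv7o6 . bid",
    "yjy5dr . bid", "j0n83w . bid", "hlexdu . bid", "n20b1c . top",
    "7barzc . bid", "aclox4 . bid",
]


def refang(domain: str) -> str:
    """Turn a defanged indicator ('z6a7f1 . bid', 'evil[.]bid', 'hxxp://x.bid')
    back into a plain lower-case FQDN without a trailing dot."""
    d = domain.strip().lower()
    d = re.sub(r"\s*\[\.\]\s*|\s*\(\.\)\s*|\s+\.\s+", ".", d)
    d = re.sub(r"^hxxps?://", "", d)
    return d.rstrip(".")


WATCHLIST = frozenset(refang(d) for d in CERBER_DOMAINS_DEFANGED)


def matches_watchlist(qname: str, watchlist=WATCHLIST) -> str | None:
    """Return the watchlist entry that qname equals or is a subdomain of, else None.

    Matching is done per label, so 'cdn.z6a7f1.bid' hits 'z6a7f1.bid' while
    'notz6a7f1.bid' and 'z6a7f1.bid.example.com' do not."""
    labels = qname.strip().lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


# Constructed sample resolver log (BIND query-log layout is an assumption).
SAMPLE_LOG = """\
10-Nov-2016 17:40:01.123 client 10.0.0.5#51234: query: z6a7f1.bid IN A + (10.0.0.1)
10-Nov-2016 17:40:02.456 client 10.0.0.7#40001: query: www.example.com IN A + (10.0.0.1)
10-Nov-2016 17:40:03.789 client 10.0.0.9#33333: query: api.seemby.loan IN A + (10.0.0.1)
10-Nov-2016 17:40:04.000 client 10.0.0.9#33334: query: notz6a7f1.bid IN A + (10.0.0.1)
10-Nov-2016 17:40:05.000 client 10.0.0.11#33335: query: n20b1c.top. IN AAAA + (10.0.0.1)
"""

QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def scan_dns_log(text: str, watchlist=WATCHLIST) -> list[tuple[str, str, str]]:
    """Return (client_ip, queried_name, matched_watchlist_domain) for each hit,
    in log order. Lines that do not parse as queries are skipped."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        hit = matches_watchlist(m.group("qname"), watchlist)
        if hit:
            hits.append((m.group("client"), m.group("qname"), hit))
    return hits


if __name__ == "__main__":
    for client, qname, hit in scan_dns_log(SAMPLE_LOG):
        print(f"{client} queried {qname} -> Cerber watchlist entry {hit}")
```

On the sample log this reports the z6a7f1.bid, api.seemby.loan and n20b1c.top. queries and ignores notz6a7f1.bid; the same label-boundary rule is why the IDS signatures anchor on the whole domain rather than a bare substring.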


 [///]     Modified active rules:     [///]

  2020899 - ET EXPLOIT D-Link Devices Home Network Administration
Protocol Command Execution (exploit.rules)
  2022504 - ET TROJAN Alphacrypt/TeslaCrypt Ransomware CnC Beacon (trojan.rules)
  2820263 - ETPRO TROJAN Gozi ISFB CnC Checkin (trojan.rules)
  2822722 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS
Lookup (mobile_malware.rules)
  2822847 - ETPRO CURRENT_EVENTS Evil iframe Redirect to RIG-v EK Oct
24 2016 (current_events.rules)
  2823187 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL
CnC Cert (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2807926 - ETPRO TROJAN Trojan-Ransom.Win32.PornoAsset Checkin (trojan.rules)

