[Emerging-updates] Daily Ruleset Update Summary 2016/11/11

Francis Trudeau ftrudeau at emergingthreats.net
Fri Nov 11 17:23:24 EST 2016


 [***] Summary: [***]

 6 new Open signatures, 23 new Pro (6 + 17).  Gozi, FindPOS,
CryptoLocker, Reincarna/Linux.Wifatch.

 Thanks:  @abuse_ch and Kelley Misata from @OISFoundation for #SuriCon

 [+++]          Added rules:          [+++]

  2023497 - ET DOS Microsoft Windows LSASS Remote Memory Corruption (dos.rules)
  2023498 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023499 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2023500 - ET MOBILE_MALWARE Possible iOS WebView Auto Dialer 1
(mobile_malware.rules)
  2023501 - ET MOBILE_MALWARE Possible iOS WebView Auto Dialer 2
(mobile_malware.rules)
  2023502 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)

 Pro:

  2823218 - ETPRO TROJAN CryptoLocker Ransomware Variant CnC Checkin
(trojan.rules)
  2823219 - ETPRO TROJAN Reincarna/Linux.Wifatch Banner Served (trojan.rules)
  2823220 - ETPRO TROJAN DNS Query to Cerber Domain (w8yolm . bid)
(trojan.rules)
  2823221 - ETPRO TROJAN DNS Query to Cerber Domain (91006j . bid)
(trojan.rules)
  2823222 - ETPRO TROJAN DNS Query to Cerber Domain (nh47ri . bid)
(trojan.rules)
  2823223 - ETPRO TROJAN DNS Query to Cerber Domain (d3j2xd . bid)
(trojan.rules)
  2823224 - ETPRO TROJAN DNS Query to Cerber Domain (djintc . bid)
(trojan.rules)
  2823225 - ETPRO TROJAN DNS Query to Cerber Domain (uhi7to . bid)
(trojan.rules)
  2823226 - ETPRO TROJAN DNS Query to Cerber Domain (payours . men)
(trojan.rules)
  2823227 - ETPRO TROJAN DNS Query to Cerber Domain (o8hpwj . top)
(trojan.rules)
  2823228 - ETPRO TROJAN DNS Query to Cerber Domain (wf9li1 . bid)
(trojan.rules)
  2823229 - ETPRO TROJAN DNS Query to Cerber Domain (f0jlbj . bid)
(trojan.rules)
  2823230 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-11-11 1) (trojan.rules)
  2823231 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(YXN5bHVtXzE6MTIz) (trojan.rules)
  2823232 - ETPRO TROJAN Linux/Mr.Black.DDoS Checkin (trojan.rules)
  2823233 - ETPRO TROJAN Linux/Mr.Black.DDoS Keep-Alive (trojan.rules)
  2823234 - ETPRO TROJAN MSIL.Neutron Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2022627 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2815562 - ETPRO CURRENT_EVENTS Base64 HTTP URL Refresh - Common
Phish Landing Obfuscation Dec 31 (current_events.rules)


 [---]  Disabled and modified rules:  [---]

  2022372 - ET CURRENT_EVENTS Chrome Extension Phishing DNS Request
(current_events.rules)

