[Emerging-updates] Daily Ruleset Update Summary 2016/11/15

Francis Trudeau ftrudeau at emergingthreats.net
Tue Nov 15 17:28:18 EST 2016


 [***] Summary: [***]

 7 new Open signatures, 42 new Pro (7 + 35).  REDIS SSH Vulns,
ScanPOS, Magnitude, VARIOUS PHISHING.

 Thanks:  Eoin Miller.

 [+++]          Added rules:          [+++]

 Open:

  2023507 - ET MOBILE_MALWARE Android.Trojan.HiddenApp.OU Checkin (mobile_malware.rules)
  2023508 - ET MOBILE_MALWARE Android.Trojan.HiddenApp.OU Checkin 2 (mobile_malware.rules)
  2023509 - ET MOBILE_MALWARE Android.Trojan.HiddenApp.OU SSL CnC Cert (mobile_malware.rules)
  2023510 - ET SCAN Redis SSH Key Overwrite Probing (scan.rules)
  2023511 - ET EXPLOIT REDIS Attemted SSH Authorized Key Writing Attempt (exploit.rules)
  2023512 - ET EXPLOIT REDIS Attempted SSH Key Upload (exploit.rules)
  2023513 - ET CURRENT_EVENTS Evil Redirector Leading to EK Nov 15 2016 (current_events.rules)

 Pro:

  2823253 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload Nov 14 (current_events.rules)
  2823254 - ETPRO TROJAN ScanPOS Exfiltrating CC Data (trojan.rules)
  2823255 - ETPRO CURRENT_EVENTS Magnitude EK Landing Nov 14 2016 (current_events.rules)
  2823256 - ETPRO CURRENT_EVENTS Magnitude EK Landing Nov 14 2016 M2 (current_events.rules)
  2823257 - ETPRO TROJAN PoisonIvy Keepalive to CnC 586 (trojan.rules)
  2823258 - ETPRO TROJAN PoisonIvy Keepalive to CnC 587 (trojan.rules)
  2823259 - ETPRO TROJAN PoisonIvy Keepalive to CnC 588 (trojan.rules)
  2823260 - ETPRO TROJAN PoisonIvy Keepalive to CnC 589 (trojan.rules)
  2823261 - ETPRO TROJAN PoisonIvy Keepalive to CnC 590 (trojan.rules)
  2823262 - ETPRO TROJAN PoisonIvy Keepalive to CnC 591 (trojan.rules)
  2823263 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016 (current_events.rules)
  2823264 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Rootnik.f Checkin (mobile_malware.rules)
  2823265 - ETPRO MALWARE W32.DLHelper Checkin (malware.rules)
  2823266 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov 15 2016 (current_events.rules)
  2823267 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Nov 15 2016 (current_events.rules)
  2823268 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Nov 15 2016 (current_events.rules)
  2823269 - ETPRO CURRENT_EVENTS Successful Personalized Realtor.com Phish Nov 15 2016 (current_events.rules)
  2823270 - ETPRO CURRENT_EVENTS Successful DHL Phish Nov 15 2016 (current_events.rules)
  2823271 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 15 2016 (current_events.rules)
  2823272 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Nov 15 2016 (current_events.rules)
  2823273 - ETPRO CURRENT_EVENTS Successful OWA Phish Nov 15 2016 (current_events.rules)
  2823274 - ETPRO CURRENT_EVENTS Successful WhatsApp Payment Phish M1 Nov 15 2016 (current_events.rules)
  2823275 - ETPRO CURRENT_EVENTS Successful WhatsApp Payment Phish M2 Nov 15 2016 (current_events.rules)
  2823276 - ETPRO TROJAN DNS Query to Cerber Domain (51a47u . bid) (trojan.rules)
  2823277 - ETPRO TROJAN DNS Query to Cerber Domain (lpnef4 . bid) (trojan.rules)
  2823278 - ETPRO TROJAN DNS Query to Cerber Domain (l6nhw7 . bid) (trojan.rules)
  2823279 - ETPRO TROJAN DNS Query to Cerber Domain (sx90yk . bid) (trojan.rules)
  2823280 - ETPRO TROJAN DNS Query to Cerber Domain (cm5ohx . bid) (trojan.rules)
  2823281 - ETPRO TROJAN DNS Query to Cerber Domain (v9y6z8 . bid) (trojan.rules)
  2823282 - ETPRO TROJAN DNS Query to Cerber Domain (ohpw50 . top) (trojan.rules)
  2823283 - ETPRO TROJAN DNS Query to Cerber Domain (catfills . mobi) (trojan.rules)
  2823284 - ETPRO TROJAN DNS Query to Cerber Domain (j5spvw . bid) (trojan.rules)
  2823285 - ETPRO TROJAN DNS Query to Cerber Domain (byeraser . lol) (trojan.rules)
  2823286 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit CnC) (trojan.rules)
  2823288 - ETPRO TROJAN Zeus Variant CnC SSL Cert (trojan.rules)


 [///]     Modified active rules:     [///]

  2022225 - ET TROJAN Vawtrak HTTP CnC Beacon (trojan.rules)
  2022504 - ET TROJAN Alphacrypt/TeslaCrypt Ransomware CnC Beacon (trojan.rules)
  2823171 - ETPRO CURRENT_EVENTS MalDoc Payload Inbound Nov 08 (current_events.rules)
  2823251 - ETPRO CURRENT_EVENTS Malicious JS to PS Dropping PE Nov 14 (current_events.rules)
  2823252 - ETPRO TROJAN CryptoLuck / YafunnLocker Ransomware CnC Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2820993 - ETPRO SCAN Redis SSH Key Overwrite Probing (scan.rules)
