[Emerging-updates] Daily Ruleset Update Summary 2016/11/17

Francis Trudeau ftrudeau at emergingthreats.net
Thu Nov 17 18:31:09 EST 2016


 [***] Summary: [***]

 3 new Open signatures, 34 new Pro (3 + 31).  Vawtrak, Crypton, Cerber.

 Thanks:  @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2023520 - ET POLICY External IP Lookup (tinytools.nu) (policy.rules)
  2023521 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (trojan.rules)
  2023522 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (trojan.rules)

 Pro:

  2823303 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Nov 16 2016 (current_events.rules)
  2823304 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Nov 16 2016 (current_events.rules)
  2823305 - ETPRO CURRENT_EVENTS Shared Document Phishing Landing Nov 16 2016 (current_events.rules)
  2823306 - ETPRO CURRENT_EVENTS Successful Dropbox Business Phish Nov 16 2016 (current_events.rules)
  2823307 - ETPRO CURRENT_EVENTS Successful Personalized Email Update Phish Nov 16 2016 (current_events.rules)
  2823308 - ETPRO CURRENT_EVENTS Successful Docusign Phish Nov 16 2016 (current_events.rules)
  2823309 - ETPRO CURRENT_EVENTS Successful Excel Phish Nov 16 2016 (current_events.rules)
  2823310 - ETPRO CURRENT_EVENTS Successful Shared Adobe PDF Phish Nov 16 2016 (current_events.rules)
  2823311 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Nov 16 2016 (current_events.rules)
  2823312 - ETPRO CURRENT_EVENTS Email Settings Error Phishing Landing Nov 16 2016 (current_events.rules)
  2823313 - ETPRO CURRENT_EVENTS Successful Email Settings Error Phish Nov 16 2016 (current_events.rules)
  2823314 - ETPRO TROJAN DNS Query to Cerber Domain (nnb83b . bid) (trojan.rules)
  2823315 - ETPRO TROJAN DNS Query to Cerber Domain (2eu9zl . bid) (trojan.rules)
  2823316 - ETPRO TROJAN DNS Query to Cerber Domain (forththat . pw) (trojan.rules)
  2823317 - ETPRO TROJAN DNS Query to Cerber Domain (hclz73 . top) (trojan.rules)
  2823318 - ETPRO TROJAN DNS Query to Cerber Domain (23fvxw . bid) (trojan.rules)
  2823319 - ETPRO TROJAN DNS Query to Cerber Domain (3nke6l . bid) (trojan.rules)
  2823320 - ETPRO TROJAN DNS Query to Cerber Domain (xy2rlg . bid) (trojan.rules)
  2823321 - ETPRO TROJAN DNS Query to Cerber Domain (f1l8li . bid) (trojan.rules)
  2823322 - ETPRO TROJAN DNS Query to Cerber Domain (e2yzfi . bid) (trojan.rules)
  2823323 - ETPRO TROJAN DNS Query to Cerber Domain (83j6lj . top) (trojan.rules)
  2823324 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2016-11-17 1) (trojan.rules)
  2823325 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (d2lsbG93MTQ1LjE6MQ==) (trojan.rules)
  2823326 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (MUJRWFBuNUE5RVM3V2U2UHpDdXk2S1RoNTJrU2ZyVXh5Zjp4) (trojan.rules)
  2823327 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit CnC) (trojan.rules)
  2823328 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.jj Checkin via SMTP (mobile_malware.rules)
  2823329 - ETPRO TROJAN Crypton Ransomware Checkin (trojan.rules)
  2823330 - ETPRO TROJAN Crypton Ransomware User Agent Observed (trojan.rules)
  2823331 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Dadmo.e Checkin (mobile_malware.rules)
  2823332 - ETPRO CURRENT_EVENTS Evil iframe Redirect to EK Nov 17 2016 (current_events.rules)
  2823333 - ETPRO CURRENT_EVENTS Possible Evil Redirect to EK or Other Nov 17 2016 (current_events.rules)


 [///]     Modified active rules:     [///]

  2821655 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 1 (GET) (trojan.rules)

