[Emerging-updates] Daily Ruleset Update Summary 2016/11/18

Francis Trudeau ftrudeau at emergingthreats.net
Fri Nov 18 17:50:03 EST 2016


 [***] Summary: [***]

 13 new Open signatures, 37 new Pro (13 + 24).  KeyBoy, Nanocore,
Zloader, Locky.

 Thanks:  Kevin Ross, @malware_traffic and @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2023523 - ET TROJAN KeyBoy DNS Lookup (www .about.jkub.com) (trojan.rules)
  2023524 - ET TROJAN KeyBoy DNS Lookup (www .eleven.mypop3.org) (trojan.rules)
  2023525 - ET TROJAN KeyBoy DNS Lookup (www .backus.myftp.name) (trojan.rules)
  2023526 - ET TROJAN KeyBoy DNS Lookup (tibetvoices .com) (trojan.rules)
  2023527 - ET TROJAN KeyBoy CnC Beacon (trojan.rules)
  2023528 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Chthonic CnC) (trojan.rules)
  2023529 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Malware CnC) (trojan.rules)
  2023530 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Chthonic MITM) (trojan.rules)
  2023531 - ET MOBILE_MALWARE Unknown Redirector Nov 17 2016 (mobile_malware.rules)
  2023532 - ET MOBILE_MALWARE Unknown Landing URI Nov 17 2016 (mobile_malware.rules)
  2023533 - ET TROJAN CryptoLuck / YafunnLocker Ransomware CnC Checkin (trojan.rules)
  2023534 - ET TROJAN Win32/CHIP Ransomware CnC Checkin (trojan.rules)
  2023535 - ET WEB_SERVER Possible Apache Struts OGNL Expression Injection (web_server.rules)

 Pro:

  2823334 - ETPRO TROJAN Nanocore Checkin Pattern (set) 1 (trojan.rules)
  2823335 - ETPRO TROJAN Nanocore Checkin Pattern (set) 2 (trojan.rules)
  2823336 - ETPRO TROJAN Nanocore Checkin Pattern (set) 4 (trojan.rules)
  2823337 - ETPRO TROJAN Nanocore Checkin Pattern (trojan.rules)
  2823338 - ETPRO TROJAN Nanocore Checkin Pattern (set) 3 (trojan.rules)
  2823339 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing Page Nov 17 2016 (current_events.rules)
  2823340 - ETPRO TROJAN Zloader CnC SSL Cert (trojan.rules)
  2823341 - ETPRO TROJAN Ransomware/Princess Onion Domain Lookup (trojan.rules)
  2823342 - ETPRO TROJAN Ransomware/Princess Onion Domain Lookup (trojan.rules)
  2823346 - ETPRO TROJAN JigsawLocker .onion Proxy Domain (trojan.rules)
  2823347 - ETPRO TROJAN MSIL.Neutron .onion Proxy Domain (trojan.rules)
  2823348 - ETPRO TROJAN Ransomware PadCrypt .onion Proxy Domain (trojan.rules)
  2823352 - ETPRO CURRENT_EVENTS Successful Sparkasse Bank Phish Nov 18 2016 (current_events.rules)
  2823353 - ETPRO CURRENT_EVENTS Successful St. George Bank (AU) Phish Nov 18 2016 (current_events.rules)
  2823354 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Nov 18 2016 (current_events.rules)
  2823355 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Nov 18 2016 (current_events.rules)
  2823356 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Nov 18 2016 (current_events.rules)
  2823357 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Nov 18 2016 (current_events.rules)
  2823358 - ETPRO CURRENT_EVENTS Successful Credential Phish (Multiple Brands) Nov 18 2016 (current_events.rules)
  2823359 - ETPRO CURRENT_EVENTS Office 365 Phishing Landing Nov 18 2016 (current_events.rules)
  2823360 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Nov 18 2016 (current_events.rules)
  2823361 - ETPRO CURRENT_EVENTS Successful Generic Wembail Phish M2 Nov 18 2016 (current_events.rules)
  2823362 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish M1 Nov 18 2016 (current_events.rules)
  2823363 - ETPRO TROJAN Locky CnC Checkin Nov 18 2016 (trojan.rules)


 [///]     Modified active rules:     [///]

  2022483 - ET TROJAN JS/Nemucod requesting EXE payload 2016-01-28 (trojan.rules)
  2815129 - ETPRO CURRENT_EVENTS Base64 Obfuscated Landing - Possible Phishing Nov 30 (current_events.rules)
  2820982 - ETPRO TROJAN MSIL/AlphaStealer PWS Exfil via HTTP (trojan.rules)


 [---]         Removed rules:         [---]

  2017278 - ET WEB_SERVER Possible Apache Struts OGNL Expression Injection (web_server.rules)
  2405053 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
  2816535 - ETPRO TROJAN W32/Filecoder.NFN!tr Checkin (trojan.rules)
  2823252 - ETPRO TROJAN CryptoLuck / YafunnLocker Ransomware CnC Checkin (trojan.rules)

