[Emerging-updates] Daily Ruleset Update Summary 2016/11/22

Francis Trudeau ftrudeau at emergingthreats.net
Tue Nov 22 17:37:58 EST 2016


 [***] Summary: [***]

 5 new Open signatures, 31 new Pro (5 + 26).  ScanPOS, Ranscrape,
TrickBot, Vawtrak.

 Thanks:  @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2023538 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Tuhkit C2) (trojan.rules)
  2023539 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2023540 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
  2023541 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TrickBot CnC) (trojan.rules)
  2023542 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Zeus CnC) (trojan.rules)

 Pro:

  2823395 - ETPRO TROJAN ScanPOS CnC Beacon (trojan.rules)
  2823396 - ETPRO MOBILE_MALWARE Android.Trojan.Maistealer.B Checkin
(mobile_malware.rules)
  2823397 - ETPRO TROJAN Observed Malicious SSL Cert (FlokiBot CnC)
(trojan.rules)
  2823398 - ETPRO CURRENT_EVENTS Successful Hawaiian Telcom Phish Nov
21 2016 (current_events.rules)
  2823399 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder -
Probable Successful Phishing M4 (current_events.rules)
  2823400 - ETPRO CURRENT_EVENTS Successful USAA Phish Nov 21 2016
(current_events.rules)
  2823401 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov
21 M1 2016 (current_events.rules)
  2823402 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov
21 M2 2016 (current_events.rules)
  2823403 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov
21 M3 2016 (current_events.rules)
  2823404 - ETPRO TROJAN Win32/Ranscrape Ransomware Onion Domain
Lookup (trojan.rules)
  2823405 - ETPRO TROJAN DNS Query to Cerber Domain (tmfl6g . bid)
(trojan.rules)
  2823406 - ETPRO TROJAN DNS Query to Cerber Domain (y7603i . bid)
(trojan.rules)
  2823407 - ETPRO TROJAN DNS Query to Cerber Domain (1m47ka . bid)
(trojan.rules)
  2823408 - ETPRO TROJAN DNS Query to Cerber Domain (c4cwr4 . bid)
(trojan.rules)
  2823409 - ETPRO TROJAN DNS Query to Cerber Domain (jo73jn . bid)
(trojan.rules)
  2823410 - ETPRO TROJAN DNS Query to Cerber Domain (chnbyl . bid)
(trojan.rules)
  2823411 - ETPRO TROJAN DNS Query to Cerber Domain (735giv . top)
(trojan.rules)
  2823412 - ETPRO TROJAN DNS Query to Cerber Domain (6cfu46 . bid)
(trojan.rules)
  2823413 - ETPRO TROJAN DNS Query to Cerber Domain (odllm3 . bid)
(trojan.rules)
  2823414 - ETPRO TROJAN DNS Query to Cerber Domain (vth4o4 . bid)
(trojan.rules)
  2823415 - ETPRO CURRENT_EVENTS MalDoc Callout Nov 22 2016
(current_events.rules)
  2823416 - ETPRO CURRENT_EVENTS MalDoc Activity Nov 22 2016
(current_events.rules)
  2823417 - ETPRO CURRENT_EVENTS MalDoc Reporting Plugins Nov 22 2016
(current_events.rules)
  2823418 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Qexq.a Checkin
(mobile_malware.rules)
  2823419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
(set) Nov 22 2016 (current_events.rules)
  2823420 - ETPRO POLICY External IP Address Lookup - myip.ch (policy.rules)


 [///]     Modified active rules:     [///]

  2019204 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) (trojan.rules)
  2023536 - ET TROJAN Observed Malicious SSL Cert (FlokiBot CnC) (trojan.rules)
  2023537 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2822076 - ETPRO MALWARE Win32/Hao123.H Checkin 2 (malware.rules)
  2822102 - ETPRO WEB_CLIENT Possible Microsoft Internet Explorer and
Edge Information Disclosure Vulnerability (CVE-2016-3351)
(web_client.rules)
  2822332 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Sep
30 2016 (current_events.rules)
  2822376 - ETPRO CURRENT_EVENTS Successful Apple ID Phish M1 Oct 04
2016 (current_events.rules)
