[Emerging-updates] Daily Ruleset Update Summary 2016/11/28

Francis Trudeau ftrudeau at emergingthreats.net
Mon Nov 28 19:16:00 EST 2016


 [***] Summary: [***]

 3 new Open signatures, 36 new Pro (3 + 33).  Eir D1000 vulns, RIG EK,
DetoxCrypto, VARIOUS PHISHING.

 Thanks:  Balasubramaniam Natarajan.

 [+++]          Added rules:          [+++]

  2023547 - ET CURRENT_EVENTS Evil Redirector Leading to EK EITest
Inject Oct 17 2016 M3 (current_events.rules)
  2023548 - ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE (exploit.rules)
  2023549 - ET EXPLOIT Eir D1000 Modem CWMP Exploit Retrieving Wifi
Key (exploit.rules)

 Pro:

  2823456 - ETPRO TROJAN PoisonIvy Keepalive to CnC 593 (trojan.rules)
  2823457 - ETPRO CURRENT_EVENTS RIG EK Flash Exploit (set)
(current_events.rules)
  2823458 - ETPRO CURRENT_EVENTS RIG EK Flash Exploit Nov 25 2016
(current_events.rules)
  2823459 - ETPRO TROJAN DetoxCrypto Ransomware UA (trojan.rules)
  2823460 - ETPRO CURRENT_EVENTS RIG EK Landing Nov 26 (Rig-v)
(current_events.rules)
  2823461 - ETPRO TROJAN Win32/Dapato.J CnC (trojan.rules)
  2823462 - ETPRO TROJAN DNS Query to Cerber Domain (gxty7j . top)
(trojan.rules)
  2823463 - ETPRO TROJAN DNS Query to Cerber Domain (9c431m . bid)
(trojan.rules)
  2823464 - ETPRO TROJAN DNS Query to Cerber Domain (u9fcji . bid)
(trojan.rules)
  2823465 - ETPRO TROJAN DNS Query to Cerber Domain (5i0ukv . bid)
(trojan.rules)
  2823466 - ETPRO TROJAN DNS Query to Cerber Domain (7a07br . bid)
(trojan.rules)
  2823467 - ETPRO TROJAN DNS Query to Cerber Domain (3buvlc . bid)
(trojan.rules)
  2823468 - ETPRO TROJAN DNS Query to Cerber Domain (zz3w5l . bid)
(trojan.rules)
  2823469 - ETPRO TROJAN DNS Query to Cerber Domain (19wkwf . top)
(trojan.rules)
  2823470 - ETPRO TROJAN DNS Query to Cerber Domain (v4nus1 . top)
(trojan.rules)
  2823471 - ETPRO TROJAN DNS Query to Cerber Domain (x8p2m7 . bid)
(trojan.rules)
  2823472 - ETPRO TROJAN PoisonIvy Keepalive to CnC 594 (trojan.rules)
  2823473 - ETPRO TROJAN PoisonIvy Keepalive to CnC 595 (trojan.rules)
  2823474 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-11-28 1) (trojan.rules)
  2823475 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-11-28 2) (trojan.rules)
  2823476 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IB .onion
Proxy Domain (mobile_malware.rules)
  2823477 - ETPRO TROJAN Malicious SSL Certificate Detected (Ursnif
CnC) (trojan.rules)
  2823478 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.HO Checkin
(mobile_malware.rules)
  2823479 - ETPRO CURRENT_EVENTS Malicious JS to PS Dropping PE Nov 14
M2 (current_events.rules)
  2823480 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2823481 - ETPRO CURRENT_EVENTS Successful Postbank (DE) Phish Nov 28
2016 (current_events.rules)
  2823482 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Nov 28 2016
(current_events.rules)
  2823483 - ETPRO CURRENT_EVENTS Successful Sparkasse (DE) Phish Nov
28 2016 (current_events.rules)
  2823484 - ETPRO CURRENT_EVENTS Successful Ourtime.com Phish Nov 28
2016 (current_events.rules)
  2823485 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder -
Probable Successful Phishing M5 (current_events.rules)
  2823486 - ETPRO CURRENT_EVENTS Successful Package Tracking Phish Nov
28 (current_events.rules)
  2823487 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Nov 27
2016 (current_events.rules)
  2823488 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov
28 2016 (current_events.rules)


 [///]     Modified active rules:     [///]

  2013508 - ET TROJAN Downloader User-Agent HTTPGET (trojan.rules)
  2019378 - ET TROJAN Gozi Checkin (trojan.rules)
  2021753 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 103 (trojan.rules)
  2823012 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish M1
Oct 31 2016 (current_events.rules)
  2823171 - ETPRO CURRENT_EVENTS MalDoc Payload Inbound Nov 08
(current_events.rules)
  2823251 - ETPRO CURRENT_EVENTS Malicious JS to PS Dropping PE Nov 14
(current_events.rules)


 [---]         Removed rules:         [---]

  2808223 - ETPRO MOBILE_MALWARE Android Spyoo-J Checkin 2
(mobile_malware.rules)
  2823448 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Casseb.pac Checkin
(mobile_malware.rules)


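Added example (not part of the update message and not Emerging Threats' own tooling): a parser for the summary layout used above, where each entry is "SID - RULESET CATEGORY message (file.rules)" and wraps across lines under the [+++] Added / [///] Modified / [---] Removed headers, plus a check of the parsed SIDs against a local rules file. The embedded summary excerpt is copied from the message above; the local rules are constructed placeholders that carry only sid values, not ET's real rule bodies. The regexes and function names are this example's own.

```python
"""Parse an Emerging Threats daily ruleset summary into structured records
and reconcile the added/removed SIDs against a local rules file.
Added example; not ET's own tooling."""
import re
from dataclasses import dataclass

# Excerpt in the exact layout of the summary above (entries wrap across
# lines; one Open and one Pro addition, one modification, one removal).
SAMPLE_SUMMARY = """\
 [***] Summary: [***]

 3 new Open signatures, 36 new Pro (3 + 33).

 [+++]          Added rules:          [+++]

  2023548 - ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE (exploit.rules)
  2023549 - ET EXPLOIT Eir D1000 Modem CWMP Exploit Retrieving Wifi
Key (exploit.rules)

 Pro:

  2823457 - ETPRO CURRENT_EVENTS RIG EK Flash Exploit (set)
(current_events.rules)

 [///]     Modified active rules:     [///]

  2019378 - ET TROJAN Gozi Checkin (trojan.rules)

 [---]         Removed rules:         [---]

  2808223 - ETPRO MOBILE_MALWARE Android Spyoo-J Checkin 2
(mobile_malware.rules)
"""

# Constructed placeholder rules standing in for a local rules file: only
# the sid option matters here, the rest is filler in Suricata/Snort syntax.
SAMPLE_LOCAL_RULES = """\
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"placeholder"; sid:2019378; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"placeholder"; sid:2023548; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"placeholder"; sid:2808223; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"placeholder"; sid:2023549; rev:1;)
"""

# " [+++]   Added rules:   [+++]" -> first word names the section
SECTION_RE = re.compile(r"^\s*\[[+/-]{3}\]\s+(\w+)[^\[]*\[[+/-]{3}\]\s*$")
# "  2023548 - ET EXPLOIT ..." -> sid and the rest of the line
ENTRY_RE = re.compile(r"^\s*(\d{7})\s+-\s+(.*\S)\s*$")
# "ET EXPLOIT Eir D1000 ... RCE (exploit.rules)" -> ruleset, category, msg, file
BODY_RE = re.compile(r"^(ET|ETPRO)\s+([A-Z_]+)\s+(.*?)\s*\((\w+\.rules)\)$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


@dataclass(frozen=True)
class RuleChange:
    sid: int
    section: str      # "added", "modified" or "removed"
    ruleset: str      # "ET" (Open) or "ETPRO"
    category: str     # e.g. EXPLOIT, TROJAN, CURRENT_EVENTS
    msg: str
    rules_file: str


def parse_summary(text):
    """Return the RuleChange records of a summary in order of appearance."""
    changes, section, pending = [], None, None

    def flush():
        if pending is None:
            return
        sid, body = pending
        m = BODY_RE.match(body)
        if not m:
            raise ValueError(f"unparseable entry for sid {sid}: {body!r}")
        changes.append(RuleChange(sid, section, m.group(1), m.group(2),
                                  m.group(3), m.group(4)))

    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            flush()
            pending = None
            section = sec.group(1).lower()
            continue
        ent = ENTRY_RE.match(line)
        if ent and section:
            flush()
            pending = (int(ent.group(1)), ent.group(2))
        elif pending is not None and line.strip() and line.strip() != "Pro:":
            # wrapped continuation of the previous entry
            pending = (pending[0], pending[1] + " " + line.strip())
        elif not line.strip():
            flush()
            pending = None
    flush()
    return changes


def local_sids_from_rules(rules_text):
    """sid values of enabled rules; commented-out rules count as absent."""
    sids = set()
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = SID_RE.search(line)
        if m:
            sids.add(int(m.group(1)))
    return sids


def reconcile(changes, local_sids):
    """(added SIDs not present locally, removed SIDs still present locally)."""
    local = set(local_sids)
    missing = sorted(c.sid for c in changes
                     if c.section == "added" and c.sid not in local)
    stale = sorted(c.sid for c in changes
                   if c.section == "removed" and c.sid in local)
    return missing, stale


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE_SUMMARY)
    for c in parsed:
        print(f"{c.section:8} {c.sid} {c.ruleset} {c.category} {c.msg!r} {c.rules_file}")
    print(reconcile(parsed, local_sids_from_rules(SAMPLE_LOCAL_RULES)))
```

The "stale" list is the one worth acting on after each update: a SID listed under Removed rules that is still enabled locally keeps firing on whatever false positive or retired threat caused its removal, so it should be disabled or dropped from the local copy.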