[Emerging-updates] Daily Ruleset Update Summary 2016/11/29

Francis Trudeau ftrudeau at emergingthreats.net
Tue Nov 29 18:10:14 EST 2016


 [***] Summary: [***]

 9 new Open signatures, 40 new Pro (9 + 31).  Locky, Gozi, Netwire RAT, VindowsLocker.

 Thanks:  @abuse_ch and Kevin Ross.

 [+++]          Added rules:          [+++]

 Open:

  2023550 - ET TROJAN Malicious SSL Certificate Detected (Gootkit CnC) (trojan.rules)
  2023551 - ET TROJAN Locky CnC checkin Nov 21 (trojan.rules)
  2023552 - ET TROJAN Locky CnC checkin Nov 21 M2 (trojan.rules)
  2023553 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin (mobile_malware.rules)
  2023554 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Flokibot CnC) (trojan.rules)
  2023555 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
  2023556 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
  2023557 - ET CURRENT_EVENTS XBOOMBER Paypal Phishing Landing Nov 28 2016 (current_events.rules)
  2023558 - ET CURRENT_EVENTS Successful XBOOMBER Paypal Phish Nov 28 2016 (current_events.rules)

 Pro:

  2823489 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish M1 Nov 29 2016 (current_events.rules)
  2823490 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish M2 Nov 29 2016 (current_events.rules)
  2823491 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M6 (current_events.rules)
  2823492 - ETPRO CURRENT_EVENTS Possible Paypal Phishing Landing M1 Nov 29 2016 (current_events.rules)
  2823493 - ETPRO CURRENT_EVENTS Possible Paypal Phishing Landing M2 Nov 29 2016 (current_events.rules)
  2823494 - ETPRO CURRENT_EVENTS Possible Paypal Phishing Landing M3 Nov 29 2016 (current_events.rules)
  2823495 - ETPRO CURRENT_EVENTS Possible Paypal Phishing Landing M4 Nov 29 2016 (current_events.rules)
  2823496 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Nov 29 2016 (current_events.rules)
  2823497 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Nov 29 2016 (current_events.rules)
  2823498 - ETPRO TROJAN Netwire RAT Check-in 2 (trojan.rules)
  2823499 - ETPRO TROJAN Netwire RAT Check-in 2 (trojan.rules)
  2823500 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC Cert (mobile_malware.rules)
  2823501 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
  2823502 - ETPRO TROJAN DNS Query to Cerber Domain (9mu6vk . top) (trojan.rules)
  2823503 - ETPRO TROJAN DNS Query to Cerber Domain (psrd32 . bid) (trojan.rules)
  2823504 - ETPRO TROJAN DNS Query to Cerber Domain (jwi2ek . bid) (trojan.rules)
  2823505 - ETPRO TROJAN DNS Query to Cerber Domain (ffsm1a . bid) (trojan.rules)
  2823506 - ETPRO TROJAN DNS Query to Cerber Domain (1blwcn . top) (trojan.rules)
  2823507 - ETPRO TROJAN DNS Query to Cerber Domain (zu3fzc . bid) (trojan.rules)
  2823508 - ETPRO TROJAN DNS Query to Cerber Domain (r38w54 . top) (trojan.rules)
  2823509 - ETPRO TROJAN DNS Query to Cerber Domain (0v7hry . bid) (trojan.rules)
  2823510 - ETPRO TROJAN DNS Query to Cerber Domain (tsrwj3 . top) (trojan.rules)
  2823511 - ETPRO TROJAN DNS Query to Cerber Domain (zi842m . bid) (trojan.rules)
  2823512 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Nov 23 2016 (current_events.rules)
  2823513 - ETPRO CURRENT_EVENTS Successful Blackboard Phish Nov 23 2016 (current_events.rules)
  2823514 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Nov 29 2016 (current_events.rules)
  2823515 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Nov 29 2016 (current_events.rules)
  2823516 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Nov 29 2016 (current_events.rules)
  2823517 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account Phish Nov 29 2016 (current_events.rules)
  2823518 - ETPRO CURRENT_EVENTS Successful Personalized Adobe Online PDF Phish Nov 28 2016 (current_events.rules)
  2823519 - ETPRO TROJAN MSIL.VindowsLocker Ransomware Checkin via Pastebin (trojan.rules)


 [///]     Modified active rules:     [///]

  2022229 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM) (trojan.rules)
  2023548 - ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE (exploit.rules)
  2023549 - ET EXPLOIT Eir D1000 Modem CWMP Exploit Retrieving Wifi Key (exploit.rules)
  2814961 - ETPRO CURRENT_EVENTS Possible Dyre SSL Cert Nov 17 2015 (current_events.rules)
  2822181 - ETPRO TROJAN Bolek HTTP Checkin (trojan.rules)
  2823447 - ETPRO TROJAN Malicious SSL Certificate Detected (Zeus OPENSSL) (trojan.rules)
  2823461 - ETPRO TROJAN MSIL.Proteus CnC (trojan.rules)
  2823481 - ETPRO CURRENT_EVENTS Successful Postbank (DE) Phish Nov 28 2016 (current_events.rules)


 [---]         Removed rules:         [---]

  2807968 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin (mobile_malware.rules)
  2823366 - ETPRO TROJAN Locky CnC checkin Nov 21 (trojan.rules)
  2823367 - ETPRO TROJAN Locky CnC checkin Nov 21 M2 (trojan.rules)
  2823452 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit CnC) (trojan.rules)

