[Emerging-updates] Daily Ruleset Update Summary 2016/11/30

Francis Trudeau ftrudeau at emergingthreats.net
Wed Nov 30 17:42:42 EST 2016


 [***] Summary: [***]

 5 new Open signatures, 26 new Pro (5 + 21).  Firefox vuln, CVE-2016-3210, Princess Ransomware.

 Thanks:  Nathan Fowler.

 [+++]          Added rules:          [+++]

 Open:

  2023559 - ET EXPLOIT Firefox 0-day used against TOR browser Nov 29 2016 M1 (exploit.rules)
  2023560 - ET EXPLOIT Firefox 0-day used against TOR browser Nov 29 2016 M2 (exploit.rules)
  2023567 - ET TROJAN Sharik/Smoke Loader Receiving Payload (trojan.rules)
  2023568 - ET EXPLOIT CVE-2016-3210 Exploit Observed ITW M1 Nov 30 (exploit.rules)
  2023569 - ET EXPLOIT CVE-2016-3210 Exploit Observed ITW M1 Nov 30 (exploit.rules)

 Pro:

  2823520 - ETPRO CURRENT_EVENTS MalDoc Request for Payload Nov 28 2016 (current_events.rules)
  2823521 - ETPRO TROJAN W32.Princess Ransomware Checkin (trojan.rules)
  2823522 - ETPRO TROJAN DNS Query to Cerber Domain (19jmfr . top) (trojan.rules)
  2823523 - ETPRO TROJAN DNS Query to Cerber Domain (7jrv53 . bid) (trojan.rules)
  2823524 - ETPRO TROJAN DNS Query to Cerber Domain (axu3u8 . bid) (trojan.rules)
  2823525 - ETPRO TROJAN DNS Query to Cerber Domain (e6cf2t . bid) (trojan.rules)
  2823526 - ETPRO TROJAN DNS Query to Cerber Domain (6tjvli . bid) (trojan.rules)
  2823527 - ETPRO TROJAN DNS Query to Cerber Domain (b31wkh . bid) (trojan.rules)
  2823528 - ETPRO TROJAN DNS Query to Cerber Domain (li5nz3 . bid) (trojan.rules)
  2823529 - ETPRO TROJAN DNS Query to Cerber Domain (oxmffh . bid) (trojan.rules)
  2823530 - ETPRO TROJAN DNS Query to Cerber Domain (41c920 . top) (trojan.rules)
  2823531 - ETPRO TROJAN DNS Query to Cerber Domain (531sol . bid) (trojan.rules)
  2823532 - ETPRO CURRENT_EVENTS SunDown EK Landing Nov 30 M2 (current_events.rules)
  2823533 - ETPRO CURRENT_EVENTS SunDown EK Landing Nov 30 M2 (current_events.rules)
  2823534 - ETPRO CURRENT_EVENTS Likely Magnitude EK Flash Exploit Struct Nov 30 2016 (current_events.rules)
  2823535 - ETPRO CURRENT_EVENTS RIG EK Landing Nov 30 2016 (RIG-v) (current_events.rules)
  2823537 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
  2823538 - ETPRO EXPLOIT UCam247/Phylink/Titathink/YCam/Anbash/Trivision/Netvision Webcam RCE (exploit.rules)
  2823539 - ETPRO CURRENT_EVENTS Evil scriptjs Redirect to EK Nov 29 2016 (current_events.rules)
  2823540 - ETPRO TROJAN W32.Unknown Checkin Sending LAN/IIS/SQL Info (trojan.rules)


 [///]     Modified active rules:     [///]

  2018676 - ET TROJAN Sharik/Smoke Loader Adobe Connectivity check (trojan.rules)
  2018677 - ET TROJAN Sharik/Smoke Loader Microsoft Connectivity check (trojan.rules)
  2022025 - ET TROJAN Sharik/Smoke Loader Adobe Connectivity Check 2 (trojan.rules)
  2022026 - ET TROJAN Sharik/Smoke Loader Java Connectivity Check (trojan.rules)
  2022027 - ET TROJAN Sharik/Smoke Loader Adobe Connectivity Check 3 (trojan.rules)
  2022124 - ET TROJAN Sharik/Smoke Loader Microsoft Connectivity Check (trojan.rules)
  2809825 - ETPRO TROJAN Sharik/Smoke Loader SourceForge Connectivity Check (trojan.rules)
  2816329 - ETPRO CURRENT_EVENTS Possible Magnitude EK Flash Exploit URI Struct Feb 19 2016 (current_events.rules)
  2821202 - ETPRO TROJAN Sharik/Smoke Loader Microsoft Connectivity Check M2 (trojan.rules)
  2822241 - ETPRO TROJAN Sharik/Smoke Loader Connectivity Check M3 (trojan.rules)
  2822847 - ETPRO CURRENT_EVENTS Evil Redirect to RIG-v EK Oct 24 2016 (current_events.rules)
  2823077 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Flash Exploit (current_events.rules)

