[Emerging-updates] Daily Ruleset Update Summary 2017/02/06

Francis Trudeau ftrudeau at emergingthreats.net
Mon Feb 6 17:17:46 EST 2017


 [***] Summary: [***]

 6 new Open signatures, 33 new Pro (6 + 27).  Ursnif, (?:Satan|Cancer) Ransomware, Sundown EK,

 [+++]          Added rules:          [+++]

 Open:

  2023870 - ET TROJAN Ursnif Variant CnC Beacon (trojan.rules)
  2023871 - ET TROJAN Ursnif Variant Retrieving Payload (x32) (trojan.rules)
  2023872 - ET TROJAN Ursnif Variant Retrieving Payload (x64) (trojan.rules)
  2023873 - ET POLICY DNS Query to Hamas Terrorist Propaganda TV Channel (alqsatv.ps) (policy.rules)
  2023874 - ET POLICY Hamas Terrorist Propaganda TV Channel (alqsatv.ps) (policy.rules)
  2023875 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-06 (trojan.rules)

 Pro:

  2824771 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824772 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824773 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824774 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824775 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824776 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 M2 (current_events.rules)
  2824777 - ETPRO CURRENT_EVENTS EITest SocEng Chrome Fonts DL Feb 06 M1 (current_events.rules)
  2824778 - ETPRO CURRENT_EVENTS Possible EITest SocEng Chrome Fonts DL Feb 06 M2 (current_events.rules)
  2824779 - ETPRO TROJAN Cancer Ransomware CnC Activity (trojan.rules)
  2824780 - ETPRO TROJAN Possible Win32/KeyLogger.HomeKeyLogger Retrieving Netcat (trojan.rules)
  2824781 - ETPRO TROJAN Win32/Necurs Checkin 3 (trojan.rules)
  2824782 - ETPRO TROJAN DNS Query to Cerber Domain (1cq7gd . top) (trojan.rules)
  2824783 - ETPRO TROJAN DNS Query to Cerber Domain (1lt2pn . top) (trojan.rules)
  2824784 - ETPRO TROJAN DNS Query to Cerber Domain (15jznv . top) (trojan.rules)
  2824785 - ETPRO TROJAN DNS Query to Cerber Domain (1cauz3 . top) (trojan.rules)
  2824786 - ETPRO TROJAN DNS Query to Cerber Domain (jb4uh0 . top) (trojan.rules)
  2824787 - ETPRO TROJAN DNS Query to Cerber Domain (4ucg2l . bid) (trojan.rules)
  2824788 - ETPRO TROJAN DNS Query to Cerber Domain (rzvhne . top) (trojan.rules)
  2824789 - ETPRO TROJAN DNS Query to Cerber Domain (1eeb86 . top) (trojan.rules)
  2824790 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Feb 06 2017 (current_events.rules)
  2824791 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Feb 06 2017 (current_events.rules)
  2824792 - ETPRO CURRENT_EVENTS Banco Itau Phishing Landing Javascript Feb 06 2017 (current_events.rules)
  2824793 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish Feb 06 2017 (current_events.rules)
  2824794 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Feb 06 2017 (current_events.rules)
  2824795 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Feb 06 2017 (current_events.rules)
  2824796 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Feb 06 2017 (current_events.rules)
  2824797 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 06 2017 (current_events.rules)


 [///]     Modified active rules:     [///]

  2023754 - ET CURRENT_EVENTS Malicious JS.Nemucod to PS Dropping PE Nov 14 M2 (current_events.rules)
  2808546 - ETPRO TROJAN ZeroAccess3 Checkin (trojan.rules)
  2814350 - ETPRO MALWARE Win32/Adware.Ymeta.A CnC (malware.rules)
  2819987 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.q Checkin (mobile_malware.rules)
  2823251 - ETPRO CURRENT_EVENTS Malicious JS to PS Dropping PE Nov 14 (current_events.rules)

