[Emerging-updates] Daily Ruleset Update Summary 2017/03/16

Francis Trudeau ftrudeau at emergingthreats.net
Thu Mar 16 22:12:27 EDT 2017


 [***] Summary: [***]

 28 new Open signatures, 39 new Pro (28 + 11).  MagikPOS, Gozi, vxCrypt
Ransomware.

 Thanks:  @abuse_ch

 [+++]          Added rules:          [+++]

 Open:

  2024064 - ET TROJAN MagikPOS Downloader Retrieving Payload (trojan.rules)
  2024065 - ET SHELLCODE Linux/x86-64 - Reverse Shell Shellcode (shellcode.rules)
  2024066 - ET TROJAN MagikPOS Downloader Checkin (trojan.rules)
  2024067 - ET TROJAN MagikPOS CnC Beacon (trojan.rules)
  2024068 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024069 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024070 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024071 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Android Marcher C2) (trojan.rules)
  2024072 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024073 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024074 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024075 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024076 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024077 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Chthonic MITM) (trojan.rules)
  2024078 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024079 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024080 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024081 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024082 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024083 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024084 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024085 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024086 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024087 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024088 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024089 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024090 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
  2024091 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)

 Pro:

  2825474 - ETPRO TROJAN MSIL/vxCrypt Ransomware CnC Checkin (trojan.rules)
  2825475 - ETPRO TROJAN MSIL/Unk.CoinMiner CnC Checkin (trojan.rules)
  2825476 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.I Checkin 2 (mobile_malware.rules)
  2825477 - ETPRO TROJAN Crypt.Blue FUD Crypter Request M1 (trojan.rules)
  2825478 - ETPRO TROJAN Crypt.Blue FUD Crypter Request M2 (trojan.rules)
  2825479 - ETPRO MOBILE_MALWARE Android/AdDisplay.Clevernet.A Checkin (mobile_malware.rules)
  2825480 - ETPRO MOBILE_MALWARE Android.Trojan.SMSBot.C CnC Beacon (mobile_malware.rules)
  2825481 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account Phish Mar 15 2017 (current_events.rules)
  2825482 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Stiniter.a Checkin (mobile_malware.rules)
  2825483 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Stiniter.a CnC Beacon (mobile_malware.rules)
  2825484 - ETPRO INFO DYNAMIC_DNS Query to a Suspicious *.punkdns.pw Domain (info.rules)


 [///]     Modified active rules:     [///]

  2002400 - ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) (user_agents.rules)
  2012810 - ET POLICY HTTP Request to a *.tk domain (policy.rules)
  2018403 - ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe (trojan.rules)