List: emerging-sigs
Subject: [Emerging-Sigs] Daily Ruleset Update Summary 2016/08/31
From: Francis Trudeau <ftrudeau () emergingthreats ! net>
Date: 2016-08-31 21:55:12
Message-ID: CAA-Ja_6D6K2XvKUj2CGqm5=paerP5AmGNQV5G3Gw8Ap=yGDo_g () mail ! gmail ! com
[***] Summary: [***]
1 new Open signature, 29 new Pro (1 + 28). TorrentLocker, Ursnif, Cerber.
Thanks: Kevin Branch, Kevin Ross and @malwaretraffic.
[+++] Added rules: [+++]
Open:
2023142 - ET TROJAN TorrentLocker DNS Lookup (bigcrashcar.net) (trojan.rules)
Pro:
2821922 - ETPRO TROJAN Ursnif Variant Connectivity Check to gnu.org (trojan.rules)
2821923 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.my) (policy.rules)
2821924 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.tech) (policy.rules)
2821925 - ETPRO POLICY DNS Query to .onion proxy Domain (hiddenservice.net) (policy.rules)
2821926 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.cl) (policy.rules)
2821927 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.it) (policy.rules)
2821928 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.ink) (policy.rules)
2821929 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.live) (policy.rules)
2821930 - ETPRO POLICY DNS Query to .onion proxy Domain (torlink.co) (policy.rules)
2821931 - ETPRO POLICY DNS Query to .onion proxy Domain (tor2.club) (policy.rules)
2821932 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.co) (policy.rules)
2821933 - ETPRO TROJAN ReverseShell Download .onion Proxy Domain (trojan.rules)
2821934 - ETPRO TROJAN Meterpreter .onion Proxy Domain (trojan.rules)
2821935 - ETPRO CURRENT_EVENTS Successful Paypal Phish Aug 31 2016 (current_events.rules)
2821936 - ETPRO CURRENT_EVENTS Successful Facebook Phish Aug 31 2016 (current_events.rules)
2821937 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Aug 31 2016 (current_events.rules)
2821938 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Aug 31 2016 (current_events.rules)
2821939 - ETPRO CURRENT_EVENTS Successful Westpac Bank Phish Aug 31 2016 (current_events.rules)
2821940 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Aug 31 2016 (current_events.rules)
2821941 - ETPRO CURRENT_EVENTS Successful FR Paypal Phish Aug 31 2016 (current_events.rules)
2821942 - ETPRO CURRENT_EVENTS Successful Outlook Phish Aug 31 2016 (current_events.rules)
2821943 - ETPRO CURRENT_EVENTS DHL Phishing Landing Aug 31 2016 (current_events.rules)
2821944 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Aug 31 2016 (current_events.rules)
2821948 - ETPRO TROJAN Trojan.MSIL.Ranos.A Bot USER Command (trojan.rules)
2821949 - ETPRO MALWARE Win32/CN.PUPDropper Checkin (malware.rules)
2821950 - ETPRO TROJAN PoisonIvy Keepalive to CnC 500 (trojan.rules)
2821951 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup (trojan.rules)
2821952 - ETPRO CURRENT_EVENTS Evil Redirector to EK - Observed Malicious SSL Cert (current_events.rules)
[///] Modified active rules: [///]
2021977 - ET TROJAN NetWire / Ozone / Darktrack Alien RAT - Server Hello (trojan.rules)
2021978 - ET TROJAN NetWire / Ozone / Darktrack Alien RAT - Client KeepAlive (trojan.rules)
2809943 - ETPRO MALWARE Win32/Adware.iBryte.BX CnC Beacon (malware.rules)
2815979 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 26 M1 (current_events.rules)
2816063 - ETPRO TROJAN W32/Galaxy Keylogger IP Check (trojan.rules)
2820237 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 16 (current_events.rules)
2821562 - ETPRO TROJAN Win32/CryptFile2 Ransomware Fake Image Response (trojan.rules)
2821881 - ETPRO INFO Suspicious Dropbox Page - Possible Phishing Landing (info.rules)
2821882 - ETPRO INFO Suspicious Yahoo Page - Possible Phishing Landing (info.rules)
2821883 - ETPRO INFO Suspicious Google Docs Page - Possible Phishing Landing (info.rules)
[---] Removed rules: [---]
2816570 - ETPRO TROJAN AgentTesla PWS HTTP CnC Checkin (trojan.rules)
_______________________________________________
Emerging-sigs mailing list
Emerging-sigs@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net