
List:       emerging-updates
Subject:    [Emerging-updates] Daily Ruleset Update Summary 2016/01/29
From:       Francis Trudeau <ftrudeau () emergingthreats ! net>
Date:       2016-01-29 22:02:29
Message-ID: CAA-Ja_4SwXAjm3KF9MCs9Ed23LgThbh4GhgKMWVQ8E2qyW5B+w () mail ! gmail ! com

 [***] Summary: [***]

 3 new Open signatures, 10 new Pro (3 + 7).  Sperolz, Banatrix, Gootkit.

 Thanks:  @abuse_ch.

 [+++]          Added rules:          [+++]

 Open:

  2022474 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022475 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ursnif Injects) (trojan.rules)
  2022476 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)

 Pro:

  2816005 - ETPRO TROJAN Unknown Stealer Checkin 1 (trojan.rules)
  2816006 - ETPRO TROJAN Unknown Stealer Checkin 2 (trojan.rules)
  2816007 - ETPRO TROJAN Win32/Sperolz.A Checkin (trojan.rules)
  2816008 - ETPRO TROJAN WIN32/BULTA!RFN Checkin (trojan.rules)
  2816009 - ETPRO TROJAN Password Stealer MSIL/Spy.Agent.AIF Checkin
(trojan.rules)
  2816010 - ETPRO TROJAN Win32/Banatrix Variant XPI Download (trojan.rules)
  2816011 - ETPRO TROJAN Win32/Banatrix Variant Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2015560 - ET TROJAN ET TROJAN ABUSE.CH SSL Fingerprint Blacklist
Malicious SSL certificate detected (Likely Shylock, URLzone, or
Gootkit C2) (trojan.rules)
  2018755 - ET SCAN Possible WordPress xmlrpc.php BruteForce in
Progress - Response (scan.rules)
  2815142 - ETPRO TROJAN Bergard Checkin 1 (trojan.rules)
  2815804 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI
Struct Jan 14 M1 (current_events.rules)
  2815805 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI
Struct Jan 14 M2 (current_events.rules)
  2815806 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI
Struct Jan 14 M3 (current_events.rules)


 [---]  Disabled and modified rules:  [---]

  2021973 - ET CURRENT_EVENTS Angler EK encrypted payload Oct 19 (4)
(current_events.rules)


 [---]         Removed rules:         [---]

  2815971 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2815984 - ETPRO TROJAN Malicious SSL certificate detected (Qadars
CnC) (trojan.rules)