List: emerging-updates
Subject: [Emerging-updates] Daily Ruleset Update Summary 2016/03/31
From: Francis Trudeau <ftrudeau () emergingthreats ! net>
Date: 2016-03-31 21:47:55
Message-ID: CAA-Ja_5JjAoD5kupBvruxAZRP0gHPrf-mrW=FdYp+MRMWzmKgA () mail ! gmail ! com
[***] Summary: [***]

2 new Open Signatures, 22 new Pro (2 + 20). VARIOUS PHISHING, Salam, Kovter.

Thanks: @rmkml.

[+++] Added rules: [+++]

Open:

2022692 - ET TROJAN JS/Nemucod requesting EXE payload 2016-03-31 (trojan.rules)
2022693 - ET EXPLOIT TrendMicro node.js (Remote Debugger) (exploit.rules)

Pro:

2816838 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Mar 31 (current_events.rules)
2816839 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com (set) Mar 31 (current_events.rules)
2816840 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com Mar 31 M1 (current_events.rules)
2816841 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com Mar 31 M2 (current_events.rules)
2816842 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com Mar 31 M3 (current_events.rules)
2816843 - ETPRO CURRENT_EVENTS Successful MyFreeSites.com Phish Mar 31 (current_events.rules)
2816844 - ETPRO TROJAN W32/Kovter Checkin 3 (trojan.rules)
2816845 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Rootnik.q Checkin (mobile_malware.rules)
2816849 - ETPRO CURRENT_EVENTS Phishing Landing via Tripod.com (set) Mar 31 (current_events.rules)
2816850 - ETPRO CURRENT_EVENTS Phishing Landing via Tripod.com Mar 31 M1 (current_events.rules)
2816851 - ETPRO CURRENT_EVENTS Phishing Landing via Tripod.com Mar 31 M2 (current_events.rules)
2816852 - ETPRO CURRENT_EVENTS Phishing Landing via Tripod.com Mar 31 M3 (current_events.rules)
2816853 - ETPRO CURRENT_EVENTS Possible Successful Tripod.com Phish Mar 31 (current_events.rules)
2816854 - ETPRO TROJAN W32/Zeus Sphinx Checkin (trojan.rules)
2816855 - ETPRO TROJAN Downloader Possibly Retrieving Locky (trojan.rules)
2816856 - ETPRO TROJAN MSIL/Cyborg Password Stealer Exfil via FTP (trojan.rules)
2816857 - ETPRO TROJAN W32/TrojanPSW.Ruftar Checkin (trojan.rules)
2816858 - ETPRO TROJAN MSIL/Backdoor.AlanD-RAT Activity (trojan.rules)
2816859 - ETPRO MALWARE Win32/OptimizerEliteMax.E PUP Activity (malware.rules)
2816860 - ETPRO TROJAN Salam Ransomware CnC Checkin (trojan.rules)

[///] Modified active rules: [///]

2019779 - ET MALWARE PUP Win32/ELEX Checkin (malware.rules)
2022483 - ET TROJAN JS/Nemucod requesting EXE payload 2016-01-28 (trojan.rules)
2022686 - ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016 (current_events.rules)
2815804 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M1 (current_events.rules)
2815805 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M2 (current_events.rules)
2815806 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M3 (current_events.rules)
2816216 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ib Checkin (mobile_malware.rules)

[---] Removed rules: [---]

2022659 - ET TROJAN Ransomware Locky .onion Payment Domain (trojan.rules)
2801985 - ETPRO TROJAN Blackhole Exploit Kit Redirect (trojan.rules)
2814977 - ETPRO MALWARE YesSearch PUP Activity (malware.rules)
2816836 - ETPRO TROJAN W32/Ohagi Checkin (trojan.rules)
_______________________________________________
Emerging-updates mailing list
Emerging-updates@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-updates