
List:       emerging-updates
Subject:    [Emerging-updates] Daily Ruleset Update Summary 2016/08/31
From:       Francis Trudeau <ftrudeau () emergingthreats ! net>
Date:       2016-08-31 21:55:12
Message-ID: CAA-Ja_6D6K2XvKUj2CGqm5=paerP5AmGNQV5G3Gw8Ap=yGDo_g () mail ! gmail ! com
 [***] Summary: [***]

 1 new Open signature, 29 new Pro (1 + 28).  TorrentLocker, Ursnif, Cerber.

 Thanks:  Kevin Branch, Kevin Ross and @malwaretraffic.

 [+++]          Added rules:          [+++]

Open:

  2023142 - ET TROJAN TorrentLocker DNS Lookup (bigcrashcar.net) (trojan.rules)

Pro:

  2821922 - ETPRO TROJAN Ursnif Variant Connectivity Check to gnu.org (trojan.rules)
  2821923 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.my) (policy.rules)
  2821924 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.tech) (policy.rules)
  2821925 - ETPRO POLICY DNS Query to .onion proxy Domain (hiddenservice.net) (policy.rules)
  2821926 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.cl) (policy.rules)
  2821927 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.it) (policy.rules)
  2821928 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.ink) (policy.rules)
  2821929 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.live) (policy.rules)
  2821930 - ETPRO POLICY DNS Query to .onion proxy Domain (torlink.co) (policy.rules)
  2821931 - ETPRO POLICY DNS Query to .onion proxy Domain (tor2.club) (policy.rules)
  2821932 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.co) (policy.rules)
  2821933 - ETPRO TROJAN ReverseShell Download .onion Proxy Domain (trojan.rules)
  2821934 - ETPRO TROJAN Meterpreter .onion Proxy Domain (trojan.rules)
  2821935 - ETPRO CURRENT_EVENTS Successful Paypal Phish Aug 31 2016 (current_events.rules)
  2821936 - ETPRO CURRENT_EVENTS Successful Facebook Phish Aug 31 2016 (current_events.rules)
  2821937 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Aug 31 2016 (current_events.rules)
  2821938 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Aug 31 2016 (current_events.rules)
  2821939 - ETPRO CURRENT_EVENTS Successful Westpac Bank Phish Aug 31 2016 (current_events.rules)
  2821940 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Aug 31 2016 (current_events.rules)
  2821941 - ETPRO CURRENT_EVENTS Successful FR Paypal Phish Aug 31 2016 (current_events.rules)
  2821942 - ETPRO CURRENT_EVENTS Successful Outlook Phish Aug 31 2016 (current_events.rules)
  2821943 - ETPRO CURRENT_EVENTS DHL Phishing Landing Aug 31 2016 (current_events.rules)
  2821944 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Aug 31 2016 (current_events.rules)
  2821948 - ETPRO TROJAN Trojan.MSIL.Ranos.A Bot USER Command (trojan.rules)
  2821949 - ETPRO MALWARE Win32/CN.PUPDropper Checkin (malware.rules)
  2821950 - ETPRO TROJAN PoisonIvy Keepalive to CnC 500 (trojan.rules)
  2821951 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup (trojan.rules)
  2821952 - ETPRO CURRENT_EVENTS Evil Redirector to EK - Observed Malicious SSL Cert (current_events.rules)


 [///]     Modified active rules:     [///]

  2021977 - ET TROJAN NetWire / Ozone / Darktrack Alien RAT - Server Hello (trojan.rules)
  2021978 - ET TROJAN NetWire / Ozone / Darktrack Alien RAT - Client KeepAlive (trojan.rules)
  2809943 - ETPRO MALWARE Win32/Adware.iBryte.BX CnC Beacon (malware.rules)
  2815979 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 26 M1 (current_events.rules)
  2816063 - ETPRO TROJAN W32/Galaxy Keylogger IP Check (trojan.rules)
  2820237 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 16 (current_events.rules)
  2821562 - ETPRO TROJAN Win32/CryptFile2 Ransomware Fake Image Response (trojan.rules)
  2821881 - ETPRO INFO Suspicious Dropbox Page - Possible Phishing Landing (info.rules)
  2821882 - ETPRO INFO Suspicious Yahoo Page - Possible Phishing Landing (info.rules)
  2821883 - ETPRO INFO Suspicious Google Docs Page - Possible Phishing Landing (info.rules)


 [---]         Removed rules:         [---]

  2816570 - ETPRO TROJAN AgentTesla PWS HTTP CnC Checkin (trojan.rules)


_______________________________________________
Emerging-updates mailing list
Emerging-updates@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-updates

