[Oisf-users] Daily Ruleset Update Summary 2016/04/21

Francis Trudeau ftrudeau at emergingthreats.net
Thu Apr 21 20:58:38 UTC 2016


 [***] Summary: [***]

 1 new Open signature, 19 new Pro (1 + 18).  Browlock, Nuclear EK, Ursnif.

 [+++]          Added rules:          [+++]

 Open:

  2022752 - ET CURRENT_EVENTS Evil Redirector Leading to EK Apr 21 2016 M2 (current_events.rules)

 Pro:

  2819883 - ETPRO CURRENT_EVENTS Browlock Landing Page Apr 21 (current_events.rules)
  2819884 - ETPRO POLICY IP Check smart-ip.net HTTP (policy.rules)
  2819885 - ETPRO TROJAN Backdoor.Win32.Mokes.vpf CnC Beacon (trojan.rules)
  2819886 - ETPRO TROJAN Backdoor.Win32.Mokes.vpf CnC Beacon Response (trojan.rules)
  2819887 - ETPRO CURRENT_EVENTS Possible Nuclear EK Payload VarLen XOR (Nulls) M2 Apr 20 2016 (current_events.rules)
  2819888 - ETPRO TROJAN Andr/InfoStl-AU .onion Proxy Domain (trojan.rules)
  2819889 - ETPRO TROJAN Ursnif Variant C2 (trojan.rules)
  2819890 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.CM Checkin 2 (mobile_malware.rules)
  2819891 - ETPRO MALWARE W32/Unknown Reporting System Info (malware.rules)
  2819892 - ETPRO MOBILE_MALWARE PUP Android/Igexin.B Checkin (mobile_malware.rules)
  2819893 - ETPRO TROJAN Backdoor.Win32.Mokes.vpf .onion Proxy Domain (trojan.rules)
  2819894 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.bw Checkin (mobile_malware.rules)
  2819895 - ETPRO TROJAN PoisonIvy Keepalive to CnC 313 (trojan.rules)
  2819896 - ETPRO CURRENT_EVENTS Successful Zoom Phish Apr 21 (current_events.rules)
  2819897 - ETPRO CURRENT_EVENTS Successful Scotia Bank Phish Apr 21 (current_events.rules)
  2819898 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dt Checkin (mobile_malware.rules)
  2819899 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-04-21 1) (trojan.rules)
  2819900 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Apr 21 2016 (current_events.rules)


 [///]     Modified active rules:     [///]

  2816204 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.CM Checkin (mobile_malware.rules)
  2816395 - ETPRO TROJAN Nymaim Checkin 5 (trojan.rules)
  2816404 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 26 2016 (current_events.rules)
  2816669 - ETPRO TROJAN W32/Nymaim Checkin 7 (trojan.rules)
  2819805 - ETPRO TROJAN CryptXXX Checkin (trojan.rules)