[Oisf-users] Daily Ruleset Update Summary 2016/04/21

Francis Trudeau ftrudeau at emergingthreats.net
Thu Apr 21 21:18:19 UTC 2016


Sorry for the noise, Gmail decided oisf-users would be a nice addition to
my sender list.



On Thu, Apr 21, 2016 at 2:58 PM, Francis Trudeau <ftrudeau at emergingthreats.net> wrote:

>  [***] Summary: [***]
>
>  1 new Open signature, 19 new Pro (1 + 18).  Browlock, Nuclear EK, Ursnif.
>
>  [+++]          Added rules:          [+++]
>
>  Open:
>
>   2022752 - ET CURRENT_EVENTS Evil Redirector Leading to EK Apr 21 2016 M2 (current_events.rules)
>
>  Pro:
>
>   2819883 - ETPRO CURRENT_EVENTS Browlock Landing Page Apr 21 (current_events.rules)
>   2819884 - ETPRO POLICY IP Check smart-ip.net HTTP (policy.rules)
>   2819885 - ETPRO TROJAN Backdoor.Win32.Mokes.vpf CnC Beacon (trojan.rules)
>   2819886 - ETPRO TROJAN Backdoor.Win32.Mokes.vpf CnC Beacon Response (trojan.rules)
>   2819887 - ETPRO CURRENT_EVENTS Possible Nuclear EK Payload VarLen XOR (Nulls) M2 Apr 20 2016 (current_events.rules)
>   2819888 - ETPRO TROJAN Andr/InfoStl-AU .onion Proxy Domain (trojan.rules)
>   2819889 - ETPRO TROJAN Ursnif Variant C2 (trojan.rules)
>   2819890 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.CM Checkin 2 (mobile_malware.rules)
>   2819891 - ETPRO MALWARE W32/Unknown Reporting System Info (malware.rules)
>   2819892 - ETPRO MOBILE_MALWARE PUP Android/Igexin.B Checkin (mobile_malware.rules)
>   2819893 - ETPRO TROJAN Backdoor.Win32.Mokes.vpf .onion Proxy Domain (trojan.rules)
>   2819894 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.bw Checkin (mobile_malware.rules)
>   2819895 - ETPRO TROJAN PoisonIvy Keepalive to CnC 313 (trojan.rules)
>   2819896 - ETPRO CURRENT_EVENTS Successful Zoom Phish Apr 21 (current_events.rules)
>   2819897 - ETPRO CURRENT_EVENTS Successful Scotia Bank Phish Apr 21 (current_events.rules)
>   2819898 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dt Checkin (mobile_malware.rules)
>   2819899 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2016-04-21 1) (trojan.rules)
>   2819900 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Apr 21 2016 (current_events.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   2816204 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.CM Checkin (mobile_malware.rules)
>   2816395 - ETPRO TROJAN Nymaim Checkin 5 (trojan.rules)
>   2816404 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 26 2016 (current_events.rules)
>   2816669 - ETPRO TROJAN W32/Nymaim Checkin 7 (trojan.rules)
>   2819805 - ETPRO TROJAN CryptXXX Checkin (trojan.rules)
>
>