[Oisf-users] Daily Ruleset Update Summary 2016/06/08
Francis Trudeau
ftrudeau at emergingthreats.net
Wed Jun 8 21:53:53 UTC 2016
[***] Summary: [***]
10 new Open signatures, 25 new Pro (10 + 15). Qarallax RAT,
BandarChor/CryptON, VARIOUS PHISHING.
Thanks: @rmkml.
[+++] Added rules: [+++]
Open:
2022874 - ET INFO Windows Executable Sent When Remote Host Claims to Send
a RAR Archive (info.rules)
2022875 - ET TROJAN BandarChor/CryptON Ransomware Checkin (trojan.rules)
2022876 - ET INFO DYNAMIC_DNS Query to a Suspicious dynapoint.pw Domain
(info.rules)
2022877 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022878 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
2022879 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
2022880 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
2022881 - ET TROJAN Qarallax RAT Downloading Modules (trojan.rules)
2022882 - ET TROJAN Qarallax RAT Keepalive C2 (set) (trojan.rules)
2022883 - ET TROJAN Qarallax RAT Keepalive C2 (trojan.rules)
Pro:
2820521 - ETPRO TROJAN PoisonIvy Keepalive to CnC 413 (trojan.rules)
2820522 - ETPRO TROJAN PoisonIvy Keepalive to CnC 414 (trojan.rules)
2820523 - ETPRO TROJAN PoisonIvy Keepalive to CnC 415 (trojan.rules)
2820524 - ETPRO TROJAN PoisonIvy Keepalive to CnC 416 (trojan.rules)
2820525 - ETPRO TROJAN PoisonIvy Keepalive to CnC 417 (trojan.rules)
2820526 - ETPRO TROJAN Trojan-Ransom.Win32.Crypmod.xvg .onion Proxy
Domain (trojan.rules)
2820527 - ETPRO TROJAN Win32/Remote Keylogger Asset Download Request
(trojan.rules)
2820528 - ETPRO TROJAN Targeted Redirect to Flash Exploit Likely
CVE-2015-0313 (trojan.rules)
2820529 - ETPRO CURRENT_EVENTS Paypal Phishing Landing Redirect Jun 8
(current_events.rules)
2820530 - ETPRO CURRENT_EVENTS DrSpam Phishing Landing Jun 8
(current_events.rules)
2820531 - ETPRO CURRENT_EVENTS DrSpam Phishing Landing CSS Jun 8
(current_events.rules)
2820532 - ETPRO CURRENT_EVENTS Successful DrSpam Phish Jun 8 M1
(current_events.rules)
2820533 - ETPRO CURRENT_EVENTS Successful DrSpam Phish Jun 8 M2
(current_events.rules)
2820534 - ETPRO CURRENT_EVENTS Possible HMRC Phishing Domain Jun 8
(current_events.rules)
2820535 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set)
Jun 8 (current_events.rules)
[///] Modified active rules: [///]
2005320 - ET TROJAN Suspicious User-Agent (MyAgent) (trojan.rules)
2022859 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jun 03, 2016
(current_events.rules)
2022868 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
2820488 - ETPRO CURRENT_EVENTS Successful Docshares Phish Jun 6
(current_events.rules)
[---] Removed rules: [---]
2820448 - ETPRO TROJAN BandarChor/CryptON Ransomware Checkin
(trojan.rules)