Channel: Daily Ruleset Update Summary

Daily Ruleset Update Summary 2015/09/16


[***] Summary: [***]

11 new Open signatures, 26 new Pro (11 + 15). Iron Tiger, PlugX, Hawkeye Keylogger, Magnitude.


[+++] Added rules: [+++]

Open:

2021786 - ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI Struct Sept 15 2015 (current_events.rules)
2021787 - ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI Struct Sept 15 2015 (current_events.rules)
2021788 - ET TROJAN Iron Tiger DNSTunnel DNS Lookup (xssok.blogspot.com) (trojan.rules)
2021789 - ET TROJAN Iron Tiger DNSTunnel Retrieving CnC (trojan.rules)
2021790 - ET TROJAN Iron Tiger Backdoor.GCloud CnC Beacon (trojan.rules)
2021791 - ET TROJAN PlugX UDP CnC Beacon (trojan.rules)
2021792 - ET TROJAN Iron Tiger Gh0ST/PlugX/Various Backdoors DNS Lookup (gameofthrones.ddns.net) (trojan.rules)
2021793 - ET TROJAN Iron Tiger Likely PlugX DNS Lookup (chrome.servehttp.com) (trojan.rules)
2021794 - ET TROJAN Iron Tiger Backdoor.GTalkTrojan DNS Lookup (update.gtalklite.com) (trojan.rules)
2021795 - ET TROJAN Iron Tiger HTTPBrowser DNS Lookup (trendmicro-update.org) (trojan.rules)
2021796 - ET TROJAN Possible Passthru/Kshell Port Redirection Initiation (trojan.rules)

Pro:

2813036 - ETPRO TROJAN Win32/Banload.VJB CnC Checkin (trojan.rules)
2813037 - ETPRO TROJAN Remtasu.f Checkin (trojan.rules)
2813038 - ETPRO TROJAN Hawkeye Keylogger Sending Software Keys (trojan.rules)
2813039 - ETPRO TROJAN Hawkeye Keylogger Sending Web Account Data (trojan.rules)
2813040 - ETPRO TROJAN Hawkeye Keylogger Sending Email Account Data (trojan.rules)
2813041 - ETPRO CURRENT_EVENTS Successful LinkedIn Phish Sept 16 (current_events.rules)
2813042 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 16 (current_events.rules)
2813043 - ETPRO CURRENT_EVENTS DHL Phish Landing Page Sept 16 (current_events.rules)
2813044 - ETPRO TROJAN Superman APT SSL certificate detected (trojan.rules)
2813045 - ETPRO TROJAN Adware.Ymeta CnC Checkin (trojan.rules)
2813046 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.du Checkin 3 (mobile_malware.rules)
2813047 - ETPRO MOBILE_MALWARE Android/Andup.Y Checkin (mobile_malware.rules)
2813048 - ETPRO TROJAN Win32/Delfinject.gen!AN Checkin (trojan.rules)
2813049 - ETPRO CURRENT_EVENTS File Enum Image Res (Observed in Magnitude EK Landing) Sept 16 2015 (current_events.rules)
2813050 - ETPRO CURRENT_EVENTS Magnitude EK Landing Sept 16 2015 (current_events.rules)


[///] Modified active rules: [///]

2008860 - ET TELNET External Telnet Attempt To Cisco Device With No Telnet Password Set (Automatically Dissalowed Until Password Set) (telnet.rules)
2010623 - ET WEB_SERVER Cisco IOS HTTP Server Exec Command Execution Attempt (web_server.rules)
2021785 - ET TROJAN SYNful Knock Cisco IOS Router Implant CnC Beacon (INBOUND) (trojan.rules)
2807422 - ETPRO TROJAN Likely APT HTTPBrowser Checkin (trojan.rules)
2811048 - ETPRO TROJAN Superman APT CnC POST (trojan.rules)
2812663 - ETPRO TROJAN Win32/Wedots.A Retrieving Config (trojan.rules)
2812840 - ETPRO MALWARE PUA.Win32.Amonetize/Strictor Checkin (malware.rules)

[///] Modified inactive rules: [///]

2008861 - ET TELNET External Telnet Login Prompt from Cisco Device (telnet.rules)


[---] Removed rules: [---]

2012921 - ET TROJAN Possible TDSS Base64 Encoded Command 1 (trojan.rules)
2012922 - ET TROJAN Possible TDSS Base64 Encoded Command 2 (trojan.rules)
2012923 - ET TROJAN Possible TDSS Base64 Encoded Command 3 (trojan.rules)


Daily Ruleset Update Summary 2015/09/17


[***] Summary: [***]

3 new Open signatures, 20 new Pro (3 + 17). Magnitude EK, Vawtrak, Bladabindi.

Thanks: @abuse_ch.

[+++] Added rules: [+++]

Open:

2021797 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021798 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021799 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)

Pro:

2813051 - ETPRO TROJAN MSIL/Bladabindi.G Checkin (trojan.rules)
2813052 - ETPRO TROJAN Win32/TrojanDownloader.Banload.UPP Requesting Data (trojan.rules)
2813053 - ETPRO TROJAN Win32/Injector.gen!W CnC Checkin (trojan.rules)
2813054 - ETPRO CURRENT_EVENTS Magnitude EK Landing Sept 16 2015 M2 (current_events.rules)
2813055 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dw Checkin 3 (mobile_malware.rules)
2813056 - ETPRO MOBILE_MALWARE Android/Ksapp.L Checkin 2 (mobile_malware.rules)
2813057 - ETPRO CURRENT_EVENTS OWA PHISH - Fake Outlook Web Access Sep 17 2015 (current_events.rules)
2813058 - ETPRO CURRENT_EVENTS Successful OWA PHISH - Fake Outlook Web Access Sep 17 2015 (current_events.rules)
2813059 - ETPRO TROJAN Possible Vawtrak CnC traffic Sept 2015 (1) (trojan.rules)
2813060 - ETPRO TROJAN Possible Vawtrak CnC traffic Sept 2015 (2) (trojan.rules)
2813061 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.CS Checkin (mobile_malware.rules)
2813062 - ETPRO TROJAN W32/Agent.NESQNX!tr SQL CnC (trojan.rules)
2813063 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.hpri Checkin (trojan.rules)
2813064 - ETPRO TROJAN Bitcoin miner known malicious basic auth (MTJlTGlBRUFxTTZNRTlNWEE4QjhpSDdSZTZDWjY2NnE3czp4) (trojan.rules)
2813065 - ETPRO TROJAN Bitcoin miner known malicious basic auth (MXpQUmg0Vjc2bkpHN2dLU1JGYmdYa3dRTkFFYUxnM0p0Ong=) (trojan.rules)
2813066 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-17 1) (trojan.rules)
2813067 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-17 2) (trojan.rules)


[///] Modified active rules: [///]

2020826 - ET CURRENT_EVENTS Potential Dridex.Maldoc Minimal Executable Request (current_events.rules)
2021765 - ET CURRENT_EVENTS Possible Spartan/Nuclear EK Payload (current_events.rules)
2812049 - ETPRO TROJAN CosmicDuke Exfiltrating Data via FTP STOR (trojan.rules)
2812885 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WKA Receiving Data (trojan.rules)
2812957 - ETPRO TROJAN Unknown CnC Checkin (trojan.rules)
2813050 - ETPRO CURRENT_EVENTS Magnitude EK Landing Sept 16 2015 (current_events.rules)


[---] Removed rules: [---]

2813021 - ETPRO TROJAN Win32/Wedots.A Checkin (trojan.rules)

Daily Ruleset Update Summary 2015/09/18


[***] Summary: [***]

1 new Open signature, 5 new Pro.

[+++] Added rules: [+++]

Open:

2021800 - ET TROJAN Win32/Spy.Odlanor CnC Checkin (trojan.rules)

Pro:

2813068 - ETPRO TROJAN Win32/Skeeyah.A!rfn Variant Checkin (trojan.rules)
2813069 - ETPRO TROJAN H1N1 Loader connectivity check - adobe.com (trojan.rules)
2813071 - ETPRO TROJAN H1N1 Loader executable download (trojan.rules)
2813072 - ETPRO TROJAN W32/CloudDuke.B SSL Cert (trojan.rules)
2813073 - ETPRO TROJAN Linux.Trojan.Concbak Checkin (trojan.rules)


[///] Modified active rules: [///]

2021765 - ET CURRENT_EVENTS Possible Spartan/Nuclear EK Payload (current_events.rules)
2812786 - ETPRO TROJAN Downloader Agent.wsjbj Checkin 1 (trojan.rules)


[---] Removed rules: [---]

2018597 - ET TROJAN Dyreza RAT Checkin Response 2 (trojan.rules)

Daily Ruleset Update Summary 2015/09/21


[***] Summary: [***]

10 new Open signatures, 49 new Pro (10 + 39). XCodeGhost, Qadars, SandboxTester.

Thanks: Jake Warren, Michael Ippolito and @abuse_ch.

[+++] Added rules: [+++]

Open:

2021801 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021802 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021803 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021804 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021805 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Rovnix CnC) (trojan.rules)
2021806 - ET TROJAN XCodeGhost DNS Lookup (trojan.rules)
2021807 - ET TROJAN XCodeGhost DNS Lookup (trojan.rules)
2021808 - ET TROJAN XCodeGhost DNS Lookup (trojan.rules)
2021809 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021810 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)

Pro:

2813074 - ETPRO TROJAN Trojan-Ransom.NSIS.Onion.hii CnC Beacon (trojan.rules)
2813075 - ETPRO TROJAN Likely Malicious Base64 PE via Terse HTTP Request to Pastebin (trojan.rules)
2813076 - ETPRO TROJAN Bitcoin miner known malicious basic auth (bG9hZHJzMjAwOS40Ong=) (trojan.rules)
2813077 - ETPRO TROJAN Win32/PSW.Papras Variant CnC Beacon (trojan.rules)
2813078 - ETPRO TROJAN PoisonIvy Keepalive to CnC 222 (trojan.rules)
2813079 - ETPRO TROJAN PoisonIvy Keepalive to CnC 223 (trojan.rules)
2813080 - ETPRO TROJAN Bitcoin miner known malicious basic auth (cmVkZW1fZzpjZ3VpbGd1bGQ=) (trojan.rules)
2813081 - ETPRO TROJAN Bitcoin miner known malicious basic auth (amhkcmhidXh5LjI6eA==) (trojan.rules)
2813082 - ETPRO TROJAN Bitcoin miner known malicious basic auth (aW1hZ2luYXRpb246bGl2ZWZyZWU=) (trojan.rules)
2813083 - ETPRO TROJAN Bitcoin miner known malicious basic auth (ZGF7igiC6sk8XWPMuuzIYDTYg3WsVEOvuMgXY9AyXwLhx40NW84tr37zG+N9vdgn5cp07qqMuH1ePsaCTQPWpxMBOg==) (trojan.rules)
2813084 - ETPRO TROJAN Bitcoin miner known malicious basic auth (d2VlZG1hbl9ydW5uZXI6ZHJ1Z21vbmV5) (trojan.rules)
2813085 - ETPRO TROJAN Bitcoin miner known malicious basic auth (am9keWZvc3Rlci4yOjEyMzQ=) (trojan.rules)
2813086 - ETPRO TROJAN Bitcoin miner known malicious basic auth (bWFnaWNwYXRhX3JlbW90ZTphbGx5MQ==) (trojan.rules)
2813087 - ETPRO TROJAN Bitcoin miner known malicious basic auth (ZnJlc2hzaGl0MjJAaG90bWFpbC5jb21fMTptYXRyaXg=) (trojan.rules)
2813088 - ETPRO TROJAN Bitcoin miner known malicious basic auth (ZWx2aXNyZW5lLjM6MQ==) (trojan.rules)
2813089 - ETPRO TROJAN Qadars SSL Cert (trojan.rules)
2813090 - ETPRO TROJAN Qadars SSL Cert (trojan.rules)
2813091 - ETPRO TROJAN Unknown .NET Credstealer (trojan.rules)
2813092 - ETPRO TROJAN TorrentLocker SSL Cert (trojan.rules)
2813093 - ETPRO TROJAN Infostealer.Bancos Variant SMTP Beacon (trojan.rules)
2813094 - ETPRO TROJAN Win32/Skeeyah.A Retrieving PE (trojan.rules)
2813095 - ETPRO TROJAN Unknown Downloader Likely Retrieving Ponmocup (trojan.rules)
2813096 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin (mobile_malware.rules)
2813097 - ETPRO TROJAN Unknown SSL Cert (trojan.rules)
2813098 - ETPRO TROJAN Win32/Banload Variant CnC Activity 1 (trojan.rules)
2813099 - ETPRO TROJAN Win32/Banload Variant CnC Activity 2 (trojan.rules)
2814000 - ETPRO TROJAN Win32/TrojanDownloader.Banload Retrieving compressed PE set (ZIP) (trojan.rules)
2814001 - ETPRO TROJAN Python/SandboxTester CnC Beacon M1 (trojan.rules)
2814002 - ETPRO TROJAN Python/SandboxTester CnC Beacon M2 (trojan.rules)
2814003 - ETPRO TROJAN Python/SandboxTester Sending Screenshot (trojan.rules)
2814004 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 21 (current_events.rules)
2814005 - ETPRO CURRENT_EVENTS Successful Battle.net Phish Sept 21 (current_events.rules)
2814006 - ETPRO CURRENT_EVENTS Successful Amazon Phish Sept 21 M1 (current_events.rules)
2814007 - ETPRO CURRENT_EVENTS Successful Amazon Phish Sept 21 M2 (current_events.rules)
2814008 - ETPRO CURRENT_EVENTS Successful Amazon Phish Sept 21 M3 (current_events.rules)
2814009 - ETPRO CURRENT_EVENTS Successful Amazon Phish Sept 21 M4 (current_events.rules)
2814010 - ETPRO CURRENT_EVENTS Successful Amazon Phish Sept 21 M5 (current_events.rules)
2814011 - ETPRO CURRENT_EVENTS Amazon Phish Landing Sept 21 (current_events.rules)
2814012 - ETPRO MALWARE PUP Win32/Adware.Similagro CnC Beacon (malware.rules)


[///] Modified active rules: [///]

2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
2020328 - ET CURRENT_EVENTS Possible Dridex Campaign Download Jan 28 2015 (current_events.rules)
2806312 - ETPRO TROJAN Win32/Spy.Bancos.OUH Checkin (trojan.rules)
2811838 - ETPRO CURRENT_EVENTS Suspicious Terse HTTP Request to Pastebin (current_events.rules)
2812032 - ETPRO CURRENT_EVENTS Suspicious Terse HTTP Request to Pastebin (current_events.rules)
2812407 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon (trojan.rules)


[---] Removed rules: [---]

2813028 - ETPRO TROJAN Rovnix SSL Cert (trojan.rules)

Daily Ruleset Update Summary 2015/09/22


[***] Summary: [***]

8 new Open signatures, 54 new Pro. TorrentLocker, CozyCar, Shiz, njRAT.

Thanks: Andrea De Pasquale, Brian Kellogg and @abuse_ch.

[+++] Added rules: [+++]

Open:

2021811 - ET CURRENT_EVENTS Fake AV Phone Scam Landing Sept 21 2015 (current_events.rules)
2021812 - ET TROJAN Win32/PSW.Papras Variant CnC Beacon 2 (trojan.rules)
2021813 - ET TROJAN Win32/PSW.Papras Variant CnC Beacon (trojan.rules)
2021814 - ET TROJAN Win32/PSW.Papras Variant CnC Beacon 3 (trojan.rules)
2021815 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Spy.Shiz CnC) (trojan.rules)
2021816 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Spy.Shiz CnC) (trojan.rules)
2021817 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021818 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)

Pro:

2814013 - ETPRO TROJAN Ruby/Rozena.B SSL Cert (trojan.rules)
2814014 - ETPRO TROJAN Win32/Bancos.EC Activity (trojan.rules)
2814015 - ETPRO TROJAN TorrentLocker SSL Cert (trojan.rules)
2814016 - ETPRO TROJAN Possible APT CozyCar SSL Cert 11 (trojan.rules)
2814017 - ETPRO TROJAN W32/Nurjax Checkin (trojan.rules)
2814018 - ETPRO TROJAN W32/Delf.NLJ!worm Posting Data (trojan.rules)
2814019 - ETPRO MALWARE Coin32 Loader (malware.rules)
2814020 - ETPRO TROJAN Winlock/CryptoLocker2 SSL Cert (trojan.rules)
2814021 - ETPRO TROJAN Win32/BrowserPassview Sending Data via HTTP (trojan.rules)
2814022 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Leech.a Checkin (mobile_malware.rules)
2814023 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Leech.a Checkin 2 (mobile_malware.rules)
2814024 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.DM Download (mobile_malware.rules)
2814025 - ETPRO TROJAN Win32/Banload.VUZ Activity (trojan.rules)
2814026 - ETPRO TROJAN Unknown Powershell Backdoor SSL Cert Sept 21 2015 (trojan.rules)
2814027 - ETPRO TROJAN TorrentLocker SSL Cert (trojan.rules)
2814028 - ETPRO TROJAN W32/Tepfer Variant CnC Beacon (trojan.rules)
2814029 - ETPRO TROJAN Ursnif SSL Cert (trojan.rules)
2814030 - ETPRO TROJAN W32/Quasar RAT Connectivity Check 2 (trojan.rules)
2814031 - ETPRO TROJAN W32/Quasar RAT Connectivity Check (trojan.rules)
2814032 - ETPRO MALWARE VKontakteDJ PUP Activity (malware.rules)
2814033 - ETPRO MOBILE_MALWARE Android/SMSreg.RK Checkin (mobile_malware.rules)
2814034 - ETPRO TROJAN Win32.Diztakun.zsg Infostealer M5 (trojan.rules)
2814035 - ETPRO TROJAN Win32/Spy.Shiz SSL Cert (trojan.rules)
2814036 - ETPRO TROJAN TorrentLocker SSL Cert (trojan.rules)
2814039 - ETPRO CURRENT_EVENTS Wire Transfer Phish Landing Sept 22 (current_events.rules)
2814040 - ETPRO CURRENT_EVENTS Successful Wire Transfer Phish Sept 22 (current_events.rules)
2814041 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Sept 22 (current_events.rules)
2814042 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 22 (current_events.rules)
2814043 - ETPRO CURRENT_EVENTS Successful Apple Connect Phish Sept 22 (current_events.rules)
2814044 - ETPRO MALWARE QQBrowser Adware PUP Activity (malware.rules)
2814045 - ETPRO MALWARE Siteken.PrefChanger.A PUP Retrieving Config (malware.rules)
2814046 - ETPRO TROJAN MalDoc Retrieving PowerSploit (trojan.rules)
2814047 - ETPRO TROJAN Unknown Downloader CnC Checkin (trojan.rules)
2814048 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.sn Checkin (mobile_malware.rules)
2814049 - ETPRO TROJAN Win32/TrojanDownloader.Banload.VUF Retrieving Payload (trojan.rules)
2814050 - ETPRO TROJAN Spy.Shiz HTTP CnC Beacon M1 (trojan.rules)
2814051 - ETPRO TROJAN Spy.Shiz HTTP b64 CnC Beacon M2 (1) (trojan.rules)
2814052 - ETPRO TROJAN Spy.Shiz HTTP b64 CnC Beacon M2 (2) (trojan.rules)
2814053 - ETPRO TROJAN Spy.Shiz HTTP b64 CnC Beacon M2 (3) (trojan.rules)
2814054 - ETPRO TROJAN njRAT Outbound Inbound (ipnj-q8) (trojan.rules)
2814055 - ETPRO TROJAN W32/njRAT Variant CnC (info command) (trojan.rules)
2814056 - ETPRO TROJAN W32/njRAT Variant CnC (rar command) (trojan.rules)
2814057 - ETPRO TROJAN W32/njRAT Variant CnC (WinTitles command) (trojan.rules)
2814058 - ETPRO TROJAN W32/njRAT Variant CnC (awt) (trojan.rules)
2814059 - ETPRO TROJAN Pupy RAT SSL Cert (trojan.rules)
2814060 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmThief.es Checkin (mobile_malware.rules)


[///] Modified active rules: [///]

2019694 - ET TROJAN Ponmocup Post Infection DNS Lookup intohave (trojan.rules)
2019695 - ET TROJAN Ponmocup Post Infection DNS Lookup fasternation (trojan.rules)
2021642 - ET TROJAN Ponmocup Post Infection DNS Lookup messagewild (trojan.rules)
2808977 - ETPRO POLICY howtofindmyipaddress.com IP Check (policy.rules)
2810127 - ETPRO TROJAN Bandook HTTP CnC Beacon Response (trojan.rules)
2811429 - ETPRO TROJAN Downeks CnC Beacon (trojan.rules)
2812415 - ETPRO TROJAN Win32.Diztakun.zsg Infostealer M2 (trojan.rules)
2812416 - ETPRO TROJAN Win32.Diztakun.zsg Infostealer M3 (trojan.rules)
2812417 - ETPRO TROJAN Win32.Diztakun.zsg Infostealer M4 (trojan.rules)
2812470 - ETPRO TROJAN Trojan.Win32.Ponmocup Variant Checkin (trojan.rules)
2812818 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 3 (trojan.rules)
2812942 - ETPRO POLICY External IP Address Lookup - ipmonkey.com (policy.rules)


[---] Removed rules: [---]

2811376 - ETPRO TROJAN Trojan.FakeSteam Checkin (trojan.rules)
2812776 - ETPRO TROJAN Malicious SSL certificate detected (trojan.rules)
2812859 - ETPRO TROJAN Win32/Spy.Shiz SSL Cert (trojan.rules)
2813077 - ETPRO TROJAN Win32/PSW.Papras Variant CnC Beacon (trojan.rules)

Daily Ruleset Update Summary 2015/09/23


[***] Summary: [***]

10 new Open signatures, 31 new Pro (10 + 21). XcodeGhost, Ursnif, Corebot.

Thanks: Kevin Ross, Andrea De Pasquale and @abuse_ch.

[+++] Added rules: [+++]

Open:

2021819 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021822 - ET TROJAN XcodeGhost CnC Checkin (trojan.rules)
2021823 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 3 (trojan.rules)
2021824 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021825 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021826 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021827 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021828 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (trojan.rules)
2021829 - ET TROJAN Ursnif Variant CnC Beacon 4 (trojan.rules)
2021830 - ET TROJAN Ursnif Variant CnC Beacon 5 (trojan.rules)

Pro:

2814061 - ETPRO MALWARE Adware.Cntads Variant Activity (malware.rules)
2814062 - ETPRO TROJAN Win32/Kortor.A External IP Check (trojan.rules)
2814063 - ETPRO TROJAN PoisonIvy Keepalive to CnC 224 (trojan.rules)
2814064 - ETPRO TROJAN PoisonIvy Keepalive to CnC 225 (trojan.rules)
2814065 - ETPRO TROJAN Possible EncryptorRaas Variant .onion Proxy Domain (trojan.rules)
2814066 - ETPRO MOBILE_MALWARE Android.Trojan.Koler.D HTTP Checkin 2 (mobile_malware.rules)
2814067 - ETPRO TROJAN Backdoor.Win32.Fonten CnC Beacon (trojan.rules)
2814068 - ETPRO TROJAN XCodeGhost Beacon (trojan.rules)
2814069 - ETPRO MALWARE PUP.Adware.Shopro Checkin (malware.rules)
2814070 - ETPRO MALWARE Win32/PennyBee.Adware.L Activity (malware.rules)
2814071 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-23 1) (trojan.rules)
2814072 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-23 2) (trojan.rules)
2814073 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-23 3) (trojan.rules)
2814074 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-23 4) (trojan.rules)
2814075 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-23 5) (trojan.rules)
2814076 - ETPRO TROJAN Bitcoin miner known malicious basic auth (YXVlcnMuMjo1NTU1NQ==) (trojan.rules)
2814077 - ETPRO TROJAN Bitcoin miner known malicious basic auth (MTNDblphTDNBd1pyRndLZHlpNFRva0hiejFWVGFqcG9EYTp4) (trojan.rules)
2814078 - ETPRO TROJAN Bitcoin miner known malicious basic auth (cmVkZW1fZzpyZWRkeHh4Mg==) (trojan.rules)
2814079 - ETPRO TROJAN Corebot Checkin (trojan.rules)
2814080 - ETPRO TROJAN Win32/Bagsu Checkin (trojan.rules)
2814081 - ETPRO TROJAN Win32/Bagsu Retrieving PE (trojan.rules)


[///] Modified active rules: [///]

2021749 - ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Sept 8 2015 (current_events.rules)
2021773 - ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Sept 14 2015 (current_events.rules)
2021812 - ET TROJAN Ursnif Variant CnC Beacon 2 (trojan.rules)
2021813 - ET TROJAN Ursnif Variant CnC Beacon (trojan.rules)
2021814 - ET TROJAN Ursnif Variant CnC Beacon 3 (trojan.rules)
2805882 - ETPRO MOBILE_MALWARE Android/JSmsHider.B Checkin (mobile_malware.rules)
2809513 - ETPRO MOBILE_MALWARE Android.Trojan.Koler.D HTTP Checkin (mobile_malware.rules)


[---] Removed rules: [---]

2808912 - ETPRO TROJAN Win32/Hyteod Checkin (trojan.rules)
2810839 - ETPRO TROJAN Ransomware Win32/WinPlock.A CnC Beacon 3 (trojan.rules)
2813061 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.CS Checkin (mobile_malware.rules)
2814029 - ETPRO TROJAN Ursnif SSL Cert (trojan.rules)
2814036 - ETPRO TROJAN TorrentLocker SSL Cert (trojan.rules)

Daily Ruleset Update Summary 2015/09/24


[***] Summary: [***]

2 new Open signatures, 17 new Pro (2 + 15). XcodeGhost, Winlock/Torrentlocker, Ramnit.

Thanks: Eoin Miller and Brian Kellogg.

[+++] Added rules: [+++]

Open:

2021831 - ET TROJAN Naikon DNS Lookup (greensky27.vicp.net) (trojan.rules)
2021832 - ET TROJAN XcodeGhost CnC M2 (trojan.rules)

Pro:

2814082 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 24 M1 (current_events.rules)
2814083 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 24 M2 (current_events.rules)
2814084 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 24 M3 (current_events.rules)
2814085 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 24 M4 (current_events.rules)
2814086 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 24 M5 (current_events.rules)
2814087 - ETPRO POLICY eStream SQL Remote Desktop Outbound Communication (policy.rules)
2814088 - ETPRO TROJAN Win32/TrojanDownloader.Agent.RRR CnC Beacon (trojan.rules)
2814089 - ETPRO MALWARE Adware.CouponMarvel Variant Activity (malware.rules)
2814090 - ETPRO MOBILE_MALWARE Android/Locker.EW Checkin (mobile_malware.rules)
2814091 - ETPRO TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2814092 - ETPRO TROJAN PoisonIvy Keepalive to CnC 226 (trojan.rules)
2814093 - ETPRO TROJAN Win32/Ramnit.A CnC Checkin 1 (trojan.rules)
2814094 - ETPRO TROJAN Win32/Ramnit.A CnC Checkin 2 (trojan.rules)
2814095 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Levida.a Checkin (mobile_malware.rules)
2814096 - ETPRO TROJAN Win32/Neshta.A Server Response (trojan.rules)


[///] Modified active rules: [///]

2010597 - ET TROJAN Potential FakeAV HTTP GET Check-IN (/check) (trojan.rules)
2021830 - ET TROJAN Ursnif Variant CnC Beacon 5 (trojan.rules)
2806902 - ETPRO TROJAN Win32.Otlard.A C&C Checkin response (trojan.rules)
2811313 - ETPRO TROJAN Win32/Ziploader Downloading Zip Server Response (trojan.rules)
2812384 - ETPRO CURRENT_EVENTS Possible Angler EK CVE-2015-2419 M2 Aug 13 (current_events.rules)
2812650 - ETPRO MALWARE Win32/Kryptik.DUHH Variant Activity (malware.rules)
2813097 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)


[---] Removed rules: [---]

2009212 - ET TROJAN Zbot/Zeus Dropper Infection - /check (trojan.rules)
2403332 - ET CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules)
2813044 - ETPRO TROJAN Superman APT SSL certificate detected (trojan.rules)

Daily Ruleset Update Summary 2015/09/25


[***] Summary: [***]

9 new Open signatures, 21 new Pro (9 + 12). r0, Winlock/Torrentlocker, AutoClicker.

Thanks: Zach Wikholm.

[+++] Added rules: [+++]

Open:

2021833 - ET TROJAN r0 CnC Check (trojan.rules)
2021834 - ET TROJAN r0 CnC Architecture POST 1 (trojan.rules)
2021835 - ET TROJAN r0 CnC Architecture POST 2 (trojan.rules)
2021836 - ET TROJAN r0 CnC Architecture POST 3 (trojan.rules)
2021837 - ET TROJAN r0 CnC Architecture POST 4 (trojan.rules)
2021838 - ET TROJAN r0 CnC Report POST (trojan.rules)
2021839 - ET TROJAN r0 CnC POST (trojan.rules)
2021841 - ET CURRENT_EVENTS Evil Redirector Leading to EK Sept 25 2015 (current_events.rules)

Pro:

2814097 - ETPRO TROJAN Winlock/Torrentlocker Beacon (trojan.rules)
2814098 - ETPRO TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2814099 - ETPRO MALWARE Win32/FakeVimes Checkin (malware.rules)
2814100 - ETPRO MALWARE W32/Ibryte Variant Checkin (malware.rules)
2814101 - ETPRO TROJAN Unknown Backdoor CnC Beacon Inbound (trojan.rules)
2814102 - ETPRO TROJAN Unknown Backdoor CnC Beacon Outbound (trojan.rules)
2814103 - ETPRO TROJAN Spammer MSIL/Misnt.A GetList (trojan.rules)
2814104 - ETPRO TROJAN Spammer MSIL/Misnt.A Get MX (trojan.rules)
2814105 - ETPRO TROJAN Spammer MSIL/Misnt.A Spam Payload Download (trojan.rules)
2814106 - ETPRO TROJAN Spammer MSIL/Misnt.A Fetching Spam List (trojan.rules)
2814107 - ETPRO TROJAN AutoClicker Test Page (trojan.rules)
2814108 - ETPRO TROJAN AutoClicker Beacon (trojan.rules)


Daily Ruleset Update Summary 2015/09/28


[***] Summary: [***]

4 new Open signatures, 36 new Pro (4 + 32). Vawtrak, Sofacy, PoisonIvy.

Thanks: Brian Kellogg and @abuse_ch.

[+++] Added rules: [+++]

Open:

2021842 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (trojan.rules)
2021843 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021844 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021845 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)

Pro:

2814109 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ax Checkin (mobile_malware.rules)
2814110 - ETPRO TROJAN W32/Sofacy Variant Checkin (trojan.rules)
2814111 - ETPRO TROJAN Vawtrak Retrieving Update (trojan.rules)
2814112 - ETPRO TROJAN Vawtrak HTTP CnC Beacon (trojan.rules)
2814113 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ax Checkin 2 (mobile_malware.rules)
2814114 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Chyapo.b Checkin (mobile_malware.rules)
2814115 - ETPRO TROJAN W32/Nugg HTTP Headers (trojan.rules)
2814116 - ETPRO MALWARE Win32/Jeefo.A Activity (malware.rules)
2814117 - ETPRO TROJAN Win32/Soloniti.A Activity (trojan.rules)
2814118 - ETPRO MOBILE_MALWARE PUP Android/SMSreg.SI Checkin (mobile_malware.rules)
2814119 - ETPRO TROJAN Win32/MultiInjector.C Checkin (trojan.rules)
2814120 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Agent.aw Checkin (mobile_malware.rules)
2814121 - ETPRO TROJAN Credential Theft (SecurityXploded) (trojan.rules)
2814122 - ETPRO TROJAN PoisonIvy Keepalive to CnC 227 (trojan.rules)
2814123 - ETPRO TROJAN PoisonIvy Keepalive to CnC 228 (trojan.rules)
2814124 - ETPRO CURRENT_EVENTS Successful Ebay Phish Sept 28 (current_events.rules)
2814125 - ETPRO CURRENT_EVENTS Possible Phishing Landing Sept 28 (current_events.rules)
2814126 - ETPRO CURRENT_EVENTS Successful Zimbra Phish Sept 28 (current_events.rules)
2814127 - ETPRO CURRENT_EVENTS Successful Shipping Document Phish Sept 28 (current_events.rules)
2814128 - ETPRO POLICY External IP Address Check - speed-tester.info (policy.rules)
2814129 - ETPRO POLICY External IP Address Check - pr-cy.ru (policy.rules)
2814130 - ETPRO TROJAN Unknown.SMTP.Stealer (trojan.rules)
2814131 - ETPRO TROJAN W32/Unknown.JP Checkin (trojan.rules)
2814132 - ETPRO TROJAN Win32/Arpove.A Activity (trojan.rules)
2814133 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-28 1) (trojan.rules)
2814134 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-28 2) (trojan.rules)
2814135 - ETPRO TROJAN Bitcoin miner known malicious basic auth (dG44N19zdmc6dHdnOTg=) (trojan.rules)
2814136 - ETPRO TROJAN Bitcoin miner known malicious basic auth (bTFuZF8xOjEzNzUzMjE2) (trojan.rules)
2814137 - ETPRO TROJAN Bitcoin miner known malicious basic auth (MU5GM0M3M0RfMjYwOjEyMw==) (trojan.rules)
2814138 - ETPRO TROJAN Bitcoin miner known malicious basic auth (MUVYZzc4YjduN2ZSUTdKa3F0dkQ1QWpyWDVKbWlqczY4cjpwYXNzMDg=) (trojan.rules)
2814139 - ETPRO TROJAN Bitcoin miner known malicious basic auth (VEFpUzQ2X2JpcmQ6cmVpZmVu) (trojan.rules)
2814140 - ETPRO TROJAN MSIL/Stimilina.F Checkin 2 (trojan.rules)


[///] Modified active rules: [///]

2020422 - ET MALWARE MultiPlug.J Checkin (malware.rules)
2021773 - ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Sept 14 2015 (current_events.rules)
2813059 - ETPRO TROJAN Vawtrak Receiving Config (trojan.rules)
2813060 - ETPRO TROJAN Vawtrak Retrieving Module (trojan.rules)


[---] Removed rules: [---]

2801932 - ETPRO WEB_CLIENT Microsoft Office Powerpoint OEPlaceholderAtom placementId Parameter Handling Remote Code Execution (web_client.rules)
2812780 - ETPRO MALWARE Win32/InstallCore.ABD Variant Checkin (malware.rules)
2813097 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
2814091 - ETPRO TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2814098 - ETPRO TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)

Daily Ruleset Update Summary 2015/09/29


[***] Summary: [***]

3 new Open signatures, 18 new Pro (3 + 15). Winlock/Torrentlocker, Vawtrak, PoisonIvy.

[+++] Added rules: [+++]

Open:

2021846 - ET CURRENT_EVENTS Evil JavaScript Injection Sep 29 2015 (current_events.rules)
2021847 - ET CURRENT_EVENTS Evil Redirector Sep 29 2015 (current_events.rules)
2021848 - ET CURRENT_EVENTS Evil Redirector from iframe Sep 29 2015 (current_events.rules)

Pro:

2814141 - ETPRO TROJAN Win32/NetFilter.W Checkin (trojan.rules)
2814142 - ETPRO TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2814143 - ETPRO TROJAN Win32/TrojanDownloader.Banload Retrieving compressed PE set (.z) (trojan.rules)
2814144 - ETPRO MALWARE Win32/Amonetize.FG (malware.rules)
2814145 - ETPRO POLICY DNS Query to .onion proxy Domain (wolfwallsreaetpay.com) (policy.rules)
2814146 - ETPRO TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2814147 - ETPRO TROJAN PoisonIvy Keepalive to CnC 229 (trojan.rules)
2814148 - ETPRO TROJAN PoisonIvy Keepalive to CnC 230 (trojan.rules)
2814149 - ETPRO MALWARE PUP.Optional.ConvertAd Checkin (malware.rules)
2814150 - ETPRO TROJAN Vawtrak Fake HTTP 403 Response (trojan.rules)
2814151 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 29 (current_events.rules)
2814152 - ETPRO CURRENT_EVENTS Successful Adobe Online Phish Sept 29 (current_events.rules)
2814153 - ETPRO MOBILE_MALWARE Android/Fobus.Q Checkin (mobile_malware.rules)
2814154 - ETPRO MOBILE_MALWARE DroidKungFu Checkin 7 (mobile_malware.rules)
2814155 - ETPRO MALWARE KuaiZip.Downloader PUP Activity (malware.rules)


[///] Modified active rules: [///]

2017308 - ET TROJAN W32/DirCrypt.Ransomware CnC Checkin (trojan.rules)
2019510 - ET MOBILE_MALWARE Android/Koler.C Checkin (mobile_malware.rules)
2812086 - ETPRO CURRENT_EVENTS Nuclear EK Landing URI Struct Jul 21 M1 (current_events.rules)
2812087 - ETPRO CURRENT_EVENTS Nuclear EK Landing URI Struct Jul 21 M2 (current_events.rules)
2812088 - ETPRO CURRENT_EVENTS Nuclear EK Landing URI Struct Jul 21 M3 (current_events.rules)
2814090 - ETPRO MOBILE_MALWARE Android/Locker.EW Checkin (mobile_malware.rules)

Daily Ruleset Update Summary 2015/09/30


[***] Summary: [***]

23 new Open signatures, 50 new Pro (23 + 27). WinPlock, Torrentlocker, Hawkeye Keylogger, Nuclear EK.

Thanks: Harry Tuttle, @abuse_ch.

[+++] Added rules: [+++]

Open:

2021849 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain (trojan.rules)
2021850 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain (trojan.rules)
2021851 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 1 (trojan.rules)
2021852 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 2 (trojan.rules)
2021853 - ET TROJAN Ransomware Win32/WinPlock.A Successfully Installed CnC Beacon (trojan.rules)
2021854 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 3 (trojan.rules)
2021855 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 4 (trojan.rules)
2021856 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 5 (trojan.rules)
2021857 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 6 (trojan.rules)
2021858 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 7 (trojan.rules)
2021859 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 8 (trojan.rules)
2021860 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 9 (trojan.rules)
2021861 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 10 (trojan.rules)
2021862 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 11 (trojan.rules)
2021863 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021864 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021865 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021866 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021867 - ET TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2021868 - ET TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2021869 - ET TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2021870 - ET CURRENT_EVENTS Evil Redirector Leading To EK Sep 30 2015 (current_events.rules)
2021871 - ET TROJAN Hawkeye Keylogger SMTP Beacon (trojan.rules)

Pro:

2812809 - ETPRO MALWARE Trojan.Llac.Win32 PUP Activity (malware.rules)
2814156 - ETPRO TROJAN Unknown Checkin (trojan.rules)
2814157 - ETPRO TROJAN Win32.Torus Checkin (trojan.rules)
2814158 - ETPRO TROJAN Win32.ChateauLafite Connectivity Check (trojan.rules)
2814159 - ETPRO TROJAN TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain (trojan.rules)
2814160 - ETPRO TROJAN Win32/Pink.Flower External IP Address Check (trojan.rules)
2814161 - ETPRO TROJAN Win32/Pink.Flower CnC Response (trojan.rules)
2814162 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing Sep 30 2015 M1 (current_events.rules)
2814163 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Abacus.a Checkin (mobile_malware.rules)
2814164 - ETPRO MALWARE Win32/AdLoader PUP Checkin (malware.rules)
2814165 - ETPRO TROJAN Win32/Bulta!rfn Checkin (trojan.rules)
2814166 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M1 (current_events.rules)
2814167 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M2 (current_events.rules)
2814168 - ETPRO CURRENT_EVENTS Nuclear EK Landing URI Struct Sep 30 2015 (current_events.rules)
2814169 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-30 1) (trojan.rules)
2814170 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-30 2) (trojan.rules)
2814171 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-09-30 3) (trojan.rules)
2814172 - ETPRO TROJAN Bitcoin miner known malicious basic auth (aDRyM196ZXViaTp6ZXViaQ==) (trojan.rules)
2814173 - ETPRO TROJAN Bitcoin miner known malicious basic auth (aGFwcHl3b3JsZF8zOjk4NzY1NDMyMQ==) (trojan.rules)
2814174 - ETPRO TROJAN Bitcoin miner known malicious basic auth (dW1icm9sZWdlbmQuMToxMjM0NQ==) (trojan.rules)
2814175 - ETPRO TROJAN Bitcoin miner known malicious basic auth (aDRyM19jaGVhcDoxMjM0NTY=) (trojan.rules)
2814176 - ETPRO TROJAN Bitcoin miner known malicious basic auth (MjUwMV9BOkFaRVJUWQ==) (trojan.rules)
2814177 - ETPRO TROJAN Bitcoin miner known malicious basic auth (c2FiYW5AZmFjYS5iYV9zdWI6MTU2MzAz) (trojan.rules)
2814178 - ETPRO TROJAN Bitcoin miner known malicious basic auth (ZG1pdHJfbGFsYWxkczpodWh1YWE=) (trojan.rules)
2814179 - ETPRO TROJAN Bitcoin miner known malicious basic auth (ei5lbmljYUBnbWFpbC5jb21fcmFkbmlrOnNhcmFqZXZv) (trojan.rules)
2814180 - ETPRO TROJAN Bitcoin miner known malicious basic auth (cmVhc2VuLndvcmtlcjE6NWdnNTg3dVc=) (trojan.rules)
2814181 - ETPRO TROJAN Bitcoin miner known malicious basic auth (bW9udGUyLjRjYXJsbzFAaG90bWFpbC5jb21fMTIzNDU2NzpDb3Vydml4) (trojan.rules)


[///] Modified active rules: [///]

2021773 - ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Sept 14 2015 (current_events.rules)
2806651 - ETPRO MOBILE_MALWARE Android/Spy.Agent.I Checkin (mobile_malware.rules)
2809932 - ETPRO TROJAN Wqlspy-A CnC Beacon 2 (trojan.rules)


[---] Removed rules: [---]

2021823 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 3 (trojan.rules)
2810836 - ETPRO TROJAN Ransomware Win32/WinPlock.A Startup CnC Beacon (trojan.rules)
2810837 - ETPRO TROJAN Ransomware Win32/WinPlock.A CnC Beacon 1 (trojan.rules)
2810838 - ETPRO TROJAN Ransomware Win32/WinPlock.A CnC Beacon 2 (trojan.rules)
2810840 - ETPRO TROJAN Ransomware Win32/WinPlock.A Successfully Installed CnC Beacon (trojan.rules)
2812809 - ETPRO TROJAN Trojan.Llac.Win32 Clickfraud Activity (trojan.rules)
2814142 - ETPRO TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2814146 - ETPRO TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)

Daily Ruleset Update Summary 2015/10/01


[***] Summary: [***]

20 new Open signatures, 39 new Pro (20 + 19). Hola VPN, FaceLiker, QRat.

Thanks: Eoin Miller and @abuse_ch.

[+++] Added rules: [+++]

Open:

2021872 - ET TROJAN Linux/dtool IRC Command (HTTPFLOOD) (trojan.rules)
2021873 - ET TROJAN Linux/dtool IRC Command (TCPFLOOD) (trojan.rules)
2021874 - ET TROJAN Linux/dtool IRC Command (UDPFLOOD) (trojan.rules)
2021875 - ET TROJAN Linux/dtool IRC Command (AUTH) (trojan.rules)
2021876 - ET TROJAN Linux/dtool IRC Command (RAW) (trojan.rules)
2021877 - ET TROJAN Linux/dtool IRC Command (EXEC) (trojan.rules)
2021878 - ET TROJAN Linux/dtool IRC Command (CHSERVER) (trojan.rules)
2021879 - ET TROJAN Linux/dtool IRC Command (STOP) (trojan.rules)
2021880 - ET TROJAN Linux/dtool IRC Command (RESTART) (trojan.rules)
2021881 - ET TROJAN Linux/dtool IRC Command Complete 1 (trojan.rules)
2021882 - ET TROJAN Linux/dtool IRC Command Complete 2 (trojan.rules)
2021883 - ET TROJAN Linux/dtool IRC Command Complete 3 (trojan.rules)
2021884 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021885 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021886 - ET POLICY Hola VPN Activity - X-Hola-* Headers (policy.rules)
2021887 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021888 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021889 - ET TROJAN Java/QRat Retrieving PE (trojan.rules)
2021890 - ET CURRENT_EVENTS Successful Phish Outlook Credentials Oct 1 (current_events.rules)
2021892 - ET CURRENT_EVENTS Successful Phish Yahoo Credentials Oct 1 (current_events.rules)

Pro:

2814182 - ETPRO POLICY Slimware Driver Updater Checkin (policy.rules)
2814183 - ETPRO MALWARE Win32.Instally.AD Checkin (malware.rules)
2814187 - ETPRO CURRENT_EVENTS Phishing Fake Document Loading Error Oct 1 (current_events.rules)
2814188 - ETPRO CURRENT_EVENTS Successful Phish Yale Credentials Oct 1 (current_events.rules)
2814189 - ETPRO CURRENT_EVENTS Successful Phish Bpost Bank Oct 1 (current_events.rules)
2814190 - ETPRO TROJAN MSIL/FaceLiker Checkin (trojan.rules)
2814191 - ETPRO TROJAN MSIL/FaceLiker Checkin 2 (trojan.rules)
2814192 - ETPRO TROJAN Win32/Warood Sending Infection Report (trojan.rules)
2814193 - ETPRO MALWARE Win32/Adware.Ymeta Variant Activity (malware.rules)
2814194 - ETPRO TROJAN Win32/Bublik Variant Exfil via FTP (trojan.rules)
2814195 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ra Checkin (mobile_malware.rules)
2814196 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ra Checkin 2 (mobile_malware.rules)
2814197 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AUP Checkin (mobile_malware.rules)
2814198 - ETPRO TROJAN Win32/BillGates CnC (trojan.rules)
2814199 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 1 M2 (current_events.rules)
2814200 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 1 M3 (current_events.rules)
2814201 - ETPRO CURRENT_EVENTS Possibly Successful Credential Phish Oct 1 (current_events.rules)
2814202 - ETPRO CURRENT_EVENTS Successful Mailbox Update Credential Phish Oct 1 (current_events.rules)
2814203 - ETPRO TROJAN Adware.Win32/Bayads Activity (trojan.rules)


[///] Modified active rules: [///]

2015909 - ET CURRENT_EVENTS Successful Bank of America Phish Oct 1 M1 (current_events.rules)
2019176 - ET CURRENT_EVENTS Possible Astrum EK URI Struct (current_events.rules)
2805141 - ETPRO CURRENT_EVENTS Possible WORM W32.Printlove spreading via cve 2010-2729 (SPOOLSS OpenPrinterEx request SET) (current_events.rules)
2814161 - ETPRO TROJAN Win32/Pink.Flower CnC Response (trojan.rules)


[---] Disabled and modified rules: [---]

2002117 - ET GAMES Battle.net connection reset (possible IP-Ban) (games.rules)
2002656 - ET EXPLOIT malformed Sack - Snort DoS-by-$um$id (exploit.rules)
2019542 - ET CURRENT_EVENTS Likely SweetOrange EK Java Exploit Struct (JAR) (current_events.rules)


[---] Removed rules: [---]

2001185 - ET P2P Soulseek traffic (1) (p2p.rules)
2001186 - ET P2P Soulseek traffic (2) (p2p.rules)
2804670 - ETPRO EXPLOIT VMware vCenter Chargeback Manager Information Disclosure (exploit.rules)

Daily Ruleset Update Summary 2015/10/02


[***] Summary: [***]

7 new Open signatures, 16 new Pro (7 + 9). Torrentlocker, Gozi.

Thanks: @abuse_ch.

[+++] Added rules: [+++]

Open:

2021893 - ET CURRENT_EVENTS Potential Data URI Phishing (current_events.rules)
2021894 - ET TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
2021895 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (trojan.rules)
2021896 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021897 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021898 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021899 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)

Pro:

2814204 - ETPRO TROJAN Win32/Zanich.D (ChinaZ) CnC (trojan.rules)
2814205 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.ej Checkin 2 (mobile_malware.rules)
2814206 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish Oct 2 (current_events.rules)
2814207 - ETPRO CURRENT_EVENTS Successful Yahoo Credential Phish Oct 2 (current_events.rules)
2814208 - ETPRO CURRENT_EVENTS Phishing Redirect Message Oct 2 (current_events.rules)
2814209 - ETPRO CURRENT_EVENTS Successful iCloud Credential Phish Oct 2 (current_events.rules)
2814210 - ETPRO CURRENT_EVENTS Phishing Fake Document Loading Error Oct 2 (current_events.rules)
2814211 - ETPRO CURRENT_EVENTS Successful Adobe PDF Credential Phish Oct 2 (current_events.rules)
2814212 - ETPRO CURRENT_EVENTS Adobe PDF Credential Phish Landing Oct 2 (current_events.rules)


[///] Modified active rules: [///]

2010795 - ET ATTACK_RESPONSE Matahari client (attack_response.rules)
2011456 - ET WEB_CLIENT PROPFIND Flowbit Set (web_client.rules)
2012977 - ET WEB_SPECIFIC_APPS Possible Oracle GlassFish Server Administration Console Authentication Bypass Attempt (web_specific_apps.rules)
2013929 - ET POLICY HTTP traffic on port 443 (OPTIONS) (policy.rules)
2013930 - ET POLICY HTTP traffic on port 443 (PUT) (policy.rules)
2013932 - ET POLICY HTTP traffic on port 443 (TRACE) (policy.rules)
2013933 - ET POLICY HTTP traffic on port 443 (CONNECT) (policy.rules)
2803739 - ETPRO TROJAN Backdoor.Win32.Shiz.ufj Checkin (trojan.rules)
2804589 - ETPRO POLICY HTTP POST on port 53 DNS (policy.rules)
2805142 - ETPRO CURRENT_EVENTS Possible WORM W32.Printlove spreading via cve 2010-2729 (SPOOLSS StartDocPrinter request SET) (current_events.rules)
2814160 - ETPRO TROJAN Win32/Pink.Flower External IP Address Check (trojan.rules)
2814162 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing Sep 30 2015 M1 (current_events.rules)


[///] Modified inactive rules: [///]

2011034 - ET SCAN HTTP OPTIONS invalid method case (scan.rules)
2801057 - ETPRO SCADA DIRECTLOGIC (Event 15) Station Number Error (scada.rules)
2801058 - ETPRO SCADA DIRECTLOGIC (Event 20) Function Not Available (scada.rules)
2801059 - ETPRO SCADA DIRECTLOGIC (Event 21) Point Not Available (scada.rules)
2801105 - ETPRO SCADA PROSOFT (Event 15) Station Number Error (scada.rules)
2801106 - ETPRO SCADA PROSOFT (Event 21) Point Not Available (scada.rules)


[---] Disabled and modified rules: [---]

2800683 - ETPRO EXPLOIT Symantec VERITAS NetBackup Volume Manager Buffer Overflow (exploit.rules)
2800684 - ETPRO EXPLOIT Symantec VERITAS NetBackup Volume Manager Buffer Overflow (exploit.rules)
2801015 - ETPRO SCADA CONTROL MICROSYSTEMS (Event 20) Function Not Available Error (scada.rules)
2801931 - ETPRO WEB_CLIENT Microsoft Office Excel Pivot Item Index Boundary Error Memory Corruption 3 (web_client.rules)
2802994 - ETPRO WEB_CLIENT Microsoft Excel Improper Record Parsing Vulnerability Attack (web_client.rules)
2804910 - ETPRO WEB_CLIENT Microsoft Excel corrupted/hostile file invalid SXLI BIFF record (web_client.rules)


[---] Removed rules: [---]

2814143 - ETPRO TROJAN Win32/TrojanDownloader.Banload Retrieving compressed PE set (.z) (trojan.rules)
2814161 - ETPRO TROJAN Win32/Pink.Flower CnC Response (trojan.rules)

Daily Ruleset Update Summary 2015/10/05

[***] Summary: [***]

5 new Open signatures, 35 new Pro (5 + 30). YiSpecter, GrayBird, Warood.

Thanks: Russell Fulton and @abuse_ch.

[+++] Added rules: [+++]

Open:

2021900 - ET MOBILE_MALWARE YiSpecter Activity M1 (mobile_malware.rules)
2021901 - ET MOBILE_MALWARE YiSpecter Activity M2 (mobile_malware.rules)
2021902 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021903 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (trojan.rules)
2021904 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)

Pro:

2814213 - ETPRO TROJAN GrayBird CnC Checkin (trojan.rules)
2814214 - ETPRO TROJAN GrayBird Module Download (trojan.rules)
2814215 - ETPRO TROJAN GrayBird False Zip Response (trojan.rules)
2814216 - ETPRO TROJAN Win32/Orxlocker.A Ransomware DNS Lookup (rkcgwcsfwhvuvgli) (trojan.rules)
2814217 - ETPRO MALWARE VSProtect PUA Beacon (malware.rules)
2814218 - ETPRO MALWARE VSProtect PUA Checkin (malware.rules)
2814219 - ETPRO MALWARE VSProtect PUA Checkin Response (malware.rules)
2814220 - ETPRO MALWARE VSProtect PUA Installation Log (malware.rules)
2814221 - ETPRO TROJAN Warood Backdoor TCP Init (trojan.rules)
2814222 - ETPRO TROJAN Warood Backdoor UDP Init (trojan.rules)
2814223 - ETPRO TROJAN Warood Backdoor ICMP Init (trojan.rules)
2814224 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE set (.z) (trojan.rules)
2814225 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE set (.Z) (trojan.rules)
2814226 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE (trojan.rules)
2814227 - ETPRO TROJAN PoisonIvy Keepalive to CnC 231 (trojan.rules)
2814228 - ETPRO TROJAN PoisonIvy Keepalive to CnC 232 (trojan.rules)
2814229 - ETPRO TROJAN W32/Interv.A Checkin (trojan.rules)
2814230 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.UD Checkin (mobile_malware.rules)
2814231 - ETPRO MOBILE_MALWARE Android/Uten.A Checkin 2 (mobile_malware.rules)
2814232 - ETPRO TROJAN QuimbyKit Checkin via LJ (possibly training aid) (trojan.rules)
2814233 - ETPRO TROJAN MSIL/PSW.Steam.OC Installation Beacon (trojan.rules)
2814234 - ETPRO TROJAN MSIL/PSW.Steam.OC Retrieve Commands 1 (trojan.rules)
2814235 - ETPRO TROJAN MSIL/PSW.Steam.OC Install Confirm (trojan.rules)
2814236 - ETPRO TROJAN MSIL/PSW.Steam.OC Retrieve Commands 2 (trojan.rules)
2814237 - ETPRO TROJAN MSIL/PSW.Steam.OC Binary Download (trojan.rules)
2814238 - ETPRO TROJAN Qadars SSL Cert (trojan.rules)
2814239 - ETPRO TROJAN Win32/InfoStealer.Banload Variant Retrieving Payload (trojan.rules)
2814240 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE set (.7z) (trojan.rules)
2814241 - ETPRO CURRENT_EVENTS Successful Alibaba Credential Phish Oct 5 (current_events.rules)
2814242 - ETPRO CURRENT_EVENTS Successful Secured PDF Credential Phish Oct 5 (current_events.rules)


[///] Modified active rules: [///]

2018752 - ET TROJAN Generic .bin download from Dotted Quad (trojan.rules)
2021830 - ET TROJAN Ursnif Variant CnC Data Exfil (trojan.rules)
2803418 - ETPRO TROJAN Suspicious user agent(MERONG) (trojan.rules)
2810076 - ETPRO TROJAN Infostealer.Bancos Checking (trojan.rules)
2810991 - ETPRO TROJAN SEDNIT CnC Beacon 1 (trojan.rules)
2814035 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)


[---] Disabled and modified rules: [---]

2802022 - ETPRO WEB_CLIENT Excel File Malformed Label recType BIFF5 record (web_client.rules)


[---] Disabled rules: [---]

2000378 - ET EXPLOIT MS-SQL DOS attempt (08) (exploit.rules)
2000379 - ET EXPLOIT MS-SQL DOS attempt (08) 1 byte (exploit.rules)
2003195 - ET POLICY Unusual number of DNS No Such Name Responses (policy.rules)
2003198 - ET EXPLOIT TFTP Invalid Mode in file Get (exploit.rules)
2003199 - ET EXPLOIT TFTP Invalid Mode in file Put (exploit.rules)
2010100 - ET TROJAN Palevo/BFBot/Mariposa client join attempt (trojan.rules)
2010101 - ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement (trojan.rules)
2011296 - ET TROJAN Butterfly/Mariposa Bot Join Acknowledgment (trojan.rules)
2018941 - ET TROJAN ClickFraud Trojan Socks5 Init Response (trojan.rules)
2101939 - GPL MISC bootp hardware address length overflow (misc.rules)
2101940 - GPL MISC bootp invalid hardware type (misc.rules)
2102039 - GPL EXPLOIT bootp hostname format string attempt (exploit.rules)
2103196 - GPL NETBIOS name query overflow attempt UDP (netbios.rules)
2103200 - GPL NETBIOS WINS name query overflow attempt UDP (netbios.rules)
2800036 - ETPRO DOS Multiple Vendor ICMP Source Quench Denial of Service (dos.rules)
2800548 - ETPRO EXPLOIT MIT Kerberos KDC Authentication Denial of Service (exploit.rules)
2800835 - ETPRO EXPLOIT CA Products UDP Discovery Service Remote Buffer Overflow 1 (exploit.rules)
2800836 - ETPRO EXPLOIT CA Products UDP Discovery Service Remote Buffer Overflow 2 (exploit.rules)
2801016 - ETPRO SCADA CONTROL MICROSYSTEMS (Event 21) Point Not Available Error (scada.rules)
2803496 - ETPRO DOS ISC DHCP Server Packet Processing Denial of Service (dos.rules)
2803930 - ETPRO TROJAN Spy.Banker.K.Gen Checkin (trojan.rules)
2809488 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809489 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809490 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809491 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809492 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809493 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809494 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809495 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809496 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809497 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809498 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809499 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809500 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2809501 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2812456 - ETPRO TROJAN Imminent Monitor Init Response (init missing) (trojan.rules)


[---] Removed rules: [---]

2008055 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC (trojan.rules)
2008056 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 (trojan.rules)
2008057 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response (trojan.rules)
2008058 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443 (trojan.rules)
2008060 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443 (trojan.rules)
Daily Ruleset Update Summary 2015/10/06


[***] Summary: [***]

17 new Open signatures, 35 new Pro (17 + 18). KaiXin, muBoT, DustySky.

Thanks: ClearSky, @MalwareMustDie, @ryancmoon and @rmkml.

[+++] Added rules: [+++]

2021905 - ET CURRENT_EVENTS KaiXin Landing M5 1 Oct 05 2015 (current_events.rules)
2021906 - ET CURRENT_EVENTS KaiXin Landing M5 2 Oct 05 2015 (current_events.rules)
2021907 - ET CURRENT_EVENTS KaiXin Landing M5 3 Oct 05 2015 (current_events.rules)
2021908 - ET CURRENT_EVENTS KaiXin Landing Page Oct 05 2015 (current_events.rules)
2021909 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021910 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021911 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021912 - ET TROJAN ELF/muBoT IRC Activity 1 (trojan.rules)
2021913 - ET TROJAN ELF/muBoT IRC Activity 2 (trojan.rules)
2021914 - ET TROJAN ELF/muBoT IRC Activity 3 (trojan.rules)
2021915 - ET TROJAN ELF/muBoT IRC Activity 4 (trojan.rules)
2021916 - ET TROJAN ELF/muBoT IRC Activity 5 (trojan.rules)
2021917 - ET TROJAN ELF/muBoT User-Agent (I'm a mu mu mu ?) (trojan.rules)
2021918 - ET TROJAN DustySky Checkin (trojan.rules)
2021919 - ET TROJAN DustySky CnC Beacon (trojan.rules)
2021920 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2021921 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)

Pro:

2814243 - ETPRO POLICY 7+ Taskbar Tweaker Checkin (policy.rules)
2814244 - ETPRO TROJAN MSIL/BloquearCasa Checkin (trojan.rules)
2814245 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-10-06 1) (trojan.rules)
2814246 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-10-06 2) (trojan.rules)
2814247 - ETPRO TROJAN Bitcoin miner known malicious basic auth (YXNrYWFfd29ya2VyOnBlbmlz) (trojan.rules)
2814248 - ETPRO TROJAN Bitcoin miner known malicious basic auth (Z29sZF83OnBhdmxha2E=) (trojan.rules)
2814249 - ETPRO TROJAN Bitcoin miner known malicious basic auth (eXV5dXl1YW4uMzpydHkxMjN3ZTE=) (trojan.rules)
2814250 - ETPRO TROJAN Bitcoin miner known malicious basic auth (c2hyb29tc19yZWFjdG9yOnNtMGs0czIz) (trojan.rules)
2814251 - ETPRO TROJAN Bitcoin miner known malicious basic auth (c2hyb29tc19wbTpzbTBrNHMyMw==) (trojan.rules)
2814252 - ETPRO TROJAN Bitcoin miner known malicious basic auth (MThHN1Q3eTQ5c3dUVVNYTFJVdGlyVUY5VUQyRnlpS05oUDp4eHg=) (trojan.rules)
2814253 - ETPRO TROJAN Bitcoin miner known malicious basic auth (ZWVheF9taW5lOng=) (trojan.rules)
2814254 - ETPRO TROJAN Bitcoin miner known malicious basic auth (dXNlcjc2NDUuMTp4) (trojan.rules)
2814255 - ETPRO TROJAN Bitcoin miner known malicious basic auth (c2NhcHVsYS41OjU=) (trojan.rules)
2814256 - ETPRO TROJAN Bitcoin miner known malicious basic auth (amhkcmhidXh5LjE6eA==) (trojan.rules)
2814257 - ETPRO TROJAN Bitcoin miner known malicious basic auth (YmlnYm9iMDAwMDAwMUBnbWFpbC5jb206eA==) (trojan.rules)
2814258 - ETPRO TROJAN PoisonIvy Keepalive to CnC 233 (trojan.rules)
2814259 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Oct 06 2015 (current_events.rules)
2814260 - ETPRO TROJAN Win32/Unknown Checkin (trojan.rules)


[///] Modified active rules: [///]

2811810 - ETPRO TROJAN Win32/Dowector.A Checkin (trojan.rules)


[---] Removed rules: [---]

2021899 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2812957 - ETPRO TROJAN Unknown CnC Checkin (trojan.rules)


Daily Ruleset Update Summary 2015/10/07


[***] Summary: [***]

13 new Open signatures, 29 new Pro (13 + 16). Banker.M, Ursniff, Nemucod.

Thanks: tdzmont and @abuse_ch.

[+++] Added rules: [+++]

Open:

2021922 - ET TROJAN StartPage Userclass HTTP Request (trojan.rules)
2021923 - ET TROJAN Win32/Neshta.A Posting Data (trojan.rules)
2021924 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021925 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021926 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021927 - ET MOBILE_MALWARE Android/Keymoge DNS Lookup (mobile_malware.rules)
2021928 - ET MOBILE_MALWARE Android/Keymoge Checkin (mobile_malware.rules)
2021929 - ET MOBILE_MALWARE Android/Keymoge Checkin 2 (mobile_malware.rules)
2021930 - ET TROJAN MSIL/Banker.M Requesting Binary from SQL (trojan.rules)
2021931 - ET TROJAN MSIL/Banker.M Downloading Binary from SQL (trojan.rules)
2021932 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021933 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021934 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)

Pro:

2814261 - ETPRO TROJAN Ursniff Fetching DGA Seed (trojan.rules)
2814262 - ETPRO TROJAN Win32/Suloc.A CnC Client Command (update) (trojan.rules)
2814263 - ETPRO TROJAN Win32/Suloc.A CnC Server Command (info) (trojan.rules)
2814264 - ETPRO TROJAN Win32/Suloc.A CnC Client Response (info) (trojan.rules)
2814265 - ETPRO TROJAN PoisonIvy Keepalive to CnC 234 (trojan.rules)
2814266 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.di Checkin (mobile_malware.rules)
2814267 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.G Checkin (mobile_malware.rules)
2814268 - ETPRO TROJAN Nemucod Downloading Payload (trojan.rules)
2814269 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.de Checkin 5 (mobile_malware.rules)
2814270 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.de Response - SET (mobile_malware.rules)
2814271 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.de Response (mobile_malware.rules)
2814272 - ETPRO MALWARE NetFilter PUA Installation Beacon (malware.rules)
2814273 - ETPRO MALWARE NetFilter PUA Installation Beacon Response (malware.rules)
2814274 - ETPRO MALWARE NetFilter PUA Beacon (malware.rules)
2814275 - ETPRO MALWARE NetFilter PUA Application List (malware.rules)
2814276 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Dowgin.r Checkin (mobile_malware.rules)


[///] Modified active rules: [///]

2808698 - ETPRO TROJAN Win32/Paskod.B Downloading Files (trojan.rules)
2811695 - ETPRO TROJAN Win32/Delf.SPE Downloader CnC Beacon (trojan.rules)


[---] Disabled and modified rules: [---]

2003310 - ET P2P Edonkey Publicize File (p2p.rules)
2003315 - ET P2P Edonkey Search Reply (p2p.rules)
2009970 - ET P2P eMule Kademlia Hello Request (p2p.rules)


[---] Removed rules: [---]

2810239 - ETPRO TROJAN Win32/Spy.Bizzana.A Checkin (trojan.rules)
2812978 - ETPRO TROJAN Win32/Neshta.A Posting Data (trojan.rules)

Daily Ruleset Update Summary 2015/10/08


[***] Summary: [***]

4 new Open signatures, 26 new Pro (4 + 22). PlugX, Busadom.

Thanks: Jake Warren, @rmkml and @abuse_ch.

[+++] Added rules: [+++]

Open:

2021935 - ET TROJAN Possible PlugX DNS Lookup (googlemanage.com) (trojan.rules)
2021936 - ET TROJAN Possible PlugX DNS Lookup (operaa.net) (trojan.rules)
2021937 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021938 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)

Pro:

2814277 - ETPRO TROJAN Redlonam .onion Proxy Domain (trojan.rules)
2814278 - ETPRO TROJAN W32/VB-Backdoor-PClient Checkin (trojan.rules)
2814279 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
2814280 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.cl Checkin (mobile_malware.rules)
2814281 - ETPRO CURRENT_EVENTS Successful Amex Account Phish Oct 8 (current_events.rules)
2814282 - ETPRO CURRENT_EVENTS Successful Blackboard Account Phish Oct 8 (current_events.rules)
2814283 - ETPRO CURRENT_EVENTS Successful Webmail Update Phish Confirmation Oct 8 (current_events.rules)
2814284 - ETPRO CURRENT_EVENTS Successful Webmail Update Phish Oct 8 (current_events.rules)
2814285 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-10-08 1) (trojan.rules)
2814286 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-10-08 2) (trojan.rules)
2814287 - ETPRO TROJAN Bitcoin miner known malicious basic auth (TFBjbmpzUTRtWXljeHk1WmNQdVJYQkZ4YVFDaUF4QWg5Uzp4) (trojan.rules)
2814288 - ETPRO TROJAN Bitcoin miner known malicious basic auth (dW1hZGJyby5ncmlkOmdyaWQ=) (trojan.rules)
2814289 - ETPRO TROJAN Bitcoin miner known malicious basic auth (bml0ZXguV29ya2VySUQ6MTIzNA==) (trojan.rules)
2814290 - ETPRO POLICY DNS Query to .onion proxy Domain (askhoreasption.com) (policy.rules)
2814291 - ETPRO POLICY DNS Query to .onion proxy Domain (armnsoptionpay.com) (policy.rules)
2814292 - ETPRO POLICY DNS Query to .onion proxy Domain (malerstoniska.com) (policy.rules)
2814293 - ETPRO POLICY DNS Query to .onion proxy Domain (transoptionpay.com) (policy.rules)
2814294 - ETPRO TROJAN Backdoor.Busadom CnC Beacon 1 (trojan.rules)
2814295 - ETPRO TROJAN Backdoor.Busadom CnC Beacon 2 (trojan.rules)
2814296 - ETPRO TROJAN Backdoor.Busadom Exfiltrated Data b64 M1 (trojan.rules)
2814297 - ETPRO TROJAN Backdoor.Busadom Exfiltrated Data b64 M2 (trojan.rules)
2814298 - ETPRO TROJAN Backdoor.Busadom Exfiltrated Data b64 M3 (trojan.rules)


[///] Modified active rules: [///]

2001219 - ET SCAN Potential SSH Scan (scan.rules)
2001569 - ET SCAN Behavioral Unusual Port 445 traffic, Potential Scan or Infection (scan.rules)
2001579 - ET SCAN Behavioral Unusual Port 139 traffic, Potential Scan or Infection (scan.rules)
2001580 - ET SCAN Behavioral Unusual Port 137 traffic, Potential Scan or Infection (scan.rules)
2001581 - ET SCAN Behavioral Unusual Port 135 traffic, Potential Scan or Infection (scan.rules)
2001582 - ET SCAN Behavioral Unusual Port 1434 traffic, Potential Scan or Infection (scan.rules)
2001583 - ET SCAN Behavioral Unusual Port 1433 traffic, Potential Scan or Infection (scan.rules)
2001972 - ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Inbound) (scan.rules)
2002910 - ET SCAN Potential VNC Scan 5800-5820 (scan.rules)
2002911 - ET SCAN Potential VNC Scan 5900-5920 (scan.rules)
2002992 - ET SCAN Rapid POP3 Connections - Possible Brute Force Attack (scan.rules)
2002993 - ET SCAN Rapid POP3S Connections - Possible Brute Force Attack (scan.rules)
2002994 - ET SCAN Rapid IMAP Connections - Possible Brute Force Attack (scan.rules)
2002995 - ET SCAN Rapid IMAPS Connections - Possible Brute Force Attack (scan.rules)
2003068 - ET SCAN Potential SSH Scan OUTBOUND (scan.rules)
2013479 - ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Outbound) (scan.rules)
2021872 - ET TROJAN Linux/dtool IRC Command (HTTPFLOOD) (trojan.rules)
2021873 - ET TROJAN Linux/dtool IRC Command (TCPFLOOD) (trojan.rules)
2021874 - ET TROJAN Linux/dtool IRC Command (UDPFLOOD) (trojan.rules)
2021875 - ET TROJAN Linux/dtool IRC Command (AUTH) (trojan.rules)
2021876 - ET TROJAN Linux/dtool IRC Command (RAW) (trojan.rules)
2021877 - ET TROJAN Linux/dtool IRC Command (EXEC) (trojan.rules)
2021878 - ET TROJAN Linux/dtool IRC Command (CHSERVER) (trojan.rules)
2021879 - ET TROJAN Linux/dtool IRC Command (STOP) (trojan.rules)
2021880 - ET TROJAN Linux/dtool IRC Command (RESTART) (trojan.rules)
2021881 - ET TROJAN Linux/dtool IRC Command Complete 1 (trojan.rules)
2021882 - ET TROJAN Linux/dtool IRC Command Complete 2 (trojan.rules)
2021883 - ET TROJAN Linux/dtool IRC Command Complete 3 (trojan.rules)
2806561 - ETPRO POLICY Ultrasurf Proxy Anonymizer TLS ClientHello Attempt (policy.rules)
2812160 - ETPRO TROJAN Trojan.Win32.Agent.dtrzmo Checkin (trojan.rules)


[---] Removed rules: [---]

2021932 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021933 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021934 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)

Daily Ruleset Update Summary 2015/10/09

[***] Summary: [***]

5 new Open signatures, 22 new Pro (5 + 17). Magnitude, Bancos.

Thanks: Duane Howard, Anthony Rodgers, Eoin Miller and @abuse_ch.

[+++] Added rules: [+++]

Open:

2021939 - ET CURRENT_EVENTS Magnitude EK Landing Oct 08 2015 (current_events.rules)
2021940 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021941 - ET WEB_CLIENT Proxy - OWASP Zed Attack Proxy Certificate Seen (web_client.rules)
2021942 - ET WEB_CLIENT Proxy - BurpSuite PortSwigger Proxy Certificate Seen (web_client.rules)
2021943 - ET WEB_CLIENT Proxy - Fiddler Proxy Certificate Seen (web_client.rules)

Pro:

2814299 - ETPRO MOBILE_MALWARE Android/Spy.Agent.MT Checkin (mobile_malware.rules)
2814300 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A Checkin 6 (mobile_malware.rules)
2814301 - ETPRO MOBILE_MALWARE Android.Trojan.Fjcon.K Checkin (mobile_malware.rules)
2814302 - ETPRO CURRENT_EVENTS Magnitude EK IE Exploit CVE 2015-2419 Oct 8 2015 (current_events.rules)
2814303 - ETPRO CURRENT_EVENTS Possible Magnitude EK SilverLight Exploit Oct 08 2015 (current_events.rules)
2814304 - ETPRO TROJAN Win32/Banker.APD Checkin (trojan.rules)
2814305 - ETPRO MOBILE_MALWARE Android.Trojan.DDLight.N Checkin (mobile_malware.rules)
2814306 - ETPRO MOBILE_MALWARE Android.Trojan.DDLight.N Checkin 2 (mobile_malware.rules)
2814307 - ETPRO MALWARE Infoshare PUA Configuration Request (malware.rules)
2814308 - ETPRO CURRENT_EVENTS Successful Cielo Credit Card Phish Oct 9 1 (current_events.rules)
2814309 - ETPRO CURRENT_EVENTS Successful Cielo Credit Card Phish Oct 9 2 (current_events.rules)
2814310 - ETPRO CURRENT_EVENTS Successful Zillow Phish Oct 9 (current_events.rules)
2814311 - ETPRO CURRENT_EVENTS Successful AOL Phish Oct 9 (current_events.rules)
2814312 - ETPRO TROJAN Win32/Bancos.AMM CnC Beacon 2 (trojan.rules)
2814313 - ETPRO MOBILE_MALWARE Android/Clicker.D Checkin (mobile_malware.rules)
2814314 - ETPRO TROJAN Win32/Agent.RJL Checkin (trojan.rules)
2814315 - ETPRO MALWARE Win32/Imali Adware Activity (malware.rules)


[///] Modified active rules: [///]

2009475 - ET POLICY TeamViewer Dyngate User-Agent (policy.rules)
2013214 - ET TROJAN Gh0st Remote Access Trojan Encrypted Session To CnC Server (trojan.rules)
2801000 - ETPRO WEB_CLIENT Microsoft Windows Movie Maker Insecure Library Loading WebDAV PROPFIND hhctrl.ocx (web_client.rules)
2811157 - ETPRO MOBILE_MALWARE Trojan.Android.Clicker.J Checkin 2 (mobile_malware.rules)
2812860 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Viser.a Checkin (mobile_malware.rules)


[///] Modified inactive rules: [///]

2800968 - ETPRO WEB_CLIENT Microsoft Office Powerpoint Insecure Library Loading WebDAV PROPFIND pp7x32.dll (web_client.rules)

Daily Ruleset Update Summary 2015/10/12


[***] Summary: [***]

4 new Open signatures, 25 new Pro (4 + 21). Dridex, Kelihos, Zemot, GhostPush.

Thanks: @MalwareMustDie and @abuse_ch

[+++] Added rules: [+++]

Open:

2021944 - ET CURRENT_EVENTS Netgear Multiple Router Auth Bypass (current_events.rules)
2021945 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules)
2021946 - ET TROJAN Possible Dridex SSL Cert Oct 12 2015 (trojan.rules)
2021947 - ET TROJAN Win32/Kelihos.F Checkin (trojan.rules)

Pro:

2814316 - ETPRO TROJAN W32/Ramnnit.A Checkin 2 (trojan.rules)
2814317 - ETPRO TROJAN W32/Zemot.A Checkin (trojan.rules)
2814319 - ETPRO TROJAN CoinMiner Known malicious stratum authline (2015-10-12 1) (trojan.rules)
2814320 - ETPRO TROJAN Bitcoin miner known malicious basic auth (d2FzYXBfMjoxMjM=) (trojan.rules)
2814321 - ETPRO TROJAN Bitcoin miner known malicious basic auth (dHJ6bml0dV9nb29kOmF1c2Nod2l0eg==) (trojan.rules)
2814322 - ETPRO TROJAN Bitcoin miner known malicious basic auth (YmFkYXBwbGUuMTp4) (trojan.rules)
2814323 - ETPRO MALWARE Win32/Adware.Kuaiba.A Checkin (malware.rules)
2814324 - ETPRO CURRENT_EVENTS Nuclear EK Landing URI Struct Oct 12 (current_events.rules)
2814326 - ETPRO MOBILE_MALWARE Android GhostPush Checkin (mobile_malware.rules)
2814327 - ETPRO MOBILE_MALWARE Android GhostPush Checkin 2 (mobile_malware.rules)
2814328 - ETPRO MOBILE_MALWARE Android GhostPush Checkin 3 (mobile_malware.rules)
2814329 - ETPRO MOBILE_MALWARE Android GhostPush Checkin 4 (mobile_malware.rules)
2814330 - ETPRO MOBILE_MALWARE Android GhostPush Checkin 5 (mobile_malware.rules)
2814331 - ETPRO MOBILE_MALWARE Android OIMobi Checkin (mobile_malware.rules)
2814332 - ETPRO MOBILE_MALWARE Android OIMobi Checkin 2 (mobile_malware.rules)
2814333 - ETPRO CURRENT_EVENTS Successful Samsung Portal Phish Oct 12 1 (current_events.rules)
2814334 - ETPRO CURRENT_EVENTS Successful Samsung Portal Phish Oct 12 2 (current_events.rules)
2814335 - ETPRO CURRENT_EVENTS Successful Quickbooks Phish Oct 12 1 (current_events.rules)
2814336 - ETPRO CURRENT_EVENTS Successful Quickbooks Phish Oct 12 2 (current_events.rules)
2814337 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Rootnik.g Checkin (mobile_malware.rules)
2814338 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.BT Checkin (mobile_malware.rules)


[///] Modified active rules: [///]

2021749 - ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Sept 8 2015 (current_events.rules)
2021939 - ET CURRENT_EVENTS Magnitude EK Landing Oct 08 2015 (current_events.rules)
2812316 - ETPRO TROJAN SeaDuke CnC Beacon (trojan.rules)
2812500 - ETPRO TROJAN W32/Zemot.A Downloading Binary (trojan.rules)


[---] Removed rules: [---]

2807093 - ETPRO TROJAN Win32/Kelihos.F Checkin (trojan.rules)

October 2015 Patch Tuesday Coverage

Bulletin   CVE        Title                                                   Notes                ET Pro Coverage
MS15-106   2015-2482  Scripting Engine Memory Corruption Vulnerability        Exploit Code Likely  2814342
MS15-109   2015-2515  Toolbar Use After Free Vulnerability                    Exploit Code Likely  2814343
MS15-109   2015-2548  Microsoft Tablet Input Band Use After Free Vulnerability Exploit Code Likely  2814344
MS15-106   2015-6042  Internet Explorer Memory Corruption Vulnerability       Exploit Code Likely  2814345
MS15-106   2015-6048  Internet Explorer Memory Corruption Vulnerability       Exploit Code Likely  2814346
MS15-106   2015-6050  Internet Explorer Memory Corruption Vulnerability       Exploit Code Likely  2814347
MS15-107   2015-6058  Microsoft Edge XSS Filter Bypass                        Exploit Code Likely  2814347