[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/23

Travis Green tgreen at emergingthreats.net
Fri Feb 23 12:07:48 HST 2018


[***]            Summary:            [***]

5 new Open, 11 new Pro (5 + 6). Loki, Mirai/OMG, Various Phishing.

Try the new feedback tool: https://feedback.emergingthreats.net/feedback

Thanks: Andy Jackman


[+++]          Added rules:          [+++]

Open:

 2025381 - ET TROJAN Loki Bot Checkin (trojan.rules)
 2025382 - ET TROJAN Known Malicious Redirector in DNS Lookup (vip.rm028 .cn) (trojan.rules)
 2025383 - ET TROJAN Known Malicious Redirector in DNS Lookup (by007 .cn) (trojan.rules)
 2025384 - ET TROJAN Mirai/OMG Proxy Variant CnC in DNS Lookup (ccnew.mm .my) (trojan.rules)
 2025385 - ET TROJAN Mirai/OMG Proxy Variant CnC in DNS Lookup (rpnew.mm .my) (trojan.rules)

Pro:

 2829784 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC) (trojan.rules)
 2829785 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC 2) (trojan.rules)
 2829786 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-23 1) (trojan.rules)
 2829787 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-23 2) (trojan.rules)
 2829788 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif/Gozi ISFB) (trojan.rules)
 2829789 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-23 3) (trojan.rules)


[///]     Modified active rules:     [///]

 2803218 - ETPRO TROJAN W32/UFR_Stealer User-Agent (Trololo) (trojan.rules)
 2804324 - ETPRO TROJAN W32/UFR_Stealer sending stolen data via FTP (trojan.rules)


[---]         Removed rules:         [---]

 2815070 - ETPRO TROJAN Loki Bot Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>