[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/28

Travis Green tgreen at emergingthreats.net
Wed Feb 28 15:00:38 HST 2018


[***]            Summary:            [***]

1 new Open, 18 new Pro (1 + 17). KovCoreG, Chafer CnC, Various Mobile.

Try the new feedback tool: https://feedback.emergingthreats.net/feedback


[+++]          Added rules:          [+++]

Pro:

 2829828 - ETPRO TROJAN Nitol DDoS Variant CnC Beacon (trojan.rules)
 2829829 - ETPRO TROJAN KovCoreG DNS Lookup (trojan.rules)
 2829830 - ETPRO TROJAN KovCoreG DNS Lookup (trojan.rules)
 2829831 - ETPRO TROJAN KovCoreG Malicious SSL Certificate Detected (trojan.rules)
 2829832 - ETPRO TROJAN KovCoreG Malicious SSL Certificate Detected (trojan.rules)
 2829833 - ETPRO TROJAN KovCoreG Domain Observed in SNI (trojan.rules)
 2829834 - ETPRO TROJAN KovCoreG Domain Observed in SNI (trojan.rules)
 2829835 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-28 1) (trojan.rules)
 2829836 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (NEE2dllBajF5VWZVa...) (trojan.rules)
 2829837 - ETPRO TROJAN Chafer CnC DNS Lookup 1 (trojan.rules)
 2829838 - ETPRO TROJAN Chafer CnC DNS Lookup 2 (trojan.rules)
 2829839 - ETPRO TROJAN Chafer CnC DNS Lookup 3 (trojan.rules)
 2829840 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-28 3) (trojan.rules)
 2829841 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-28 4) (trojan.rules)
 2829842 - ETPRO TROJAN Chafer CnC DNS Lookup 4 (trojan.rules)
 2829843 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-28 5) (trojan.rules)
 2829844 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-28 6) (trojan.rules)
 2829845 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 294 (mobile_malware.rules)
 2829846 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 295 (mobile_malware.rules)
 2829847 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 296 (mobile_malware.rules)
 2829848 - ETPRO TROJAN SmokeLoader encrypted module (3) (trojan.rules)


[///]     Modified active rules:     [///]

 2812967 - ETPRO TROJAN Trojan/Banker.Bancos.deq Retrieving C2 (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>