[Emerging-updates] Daily Ruleset Update Summary 2016/11/04

Francis Trudeau ftrudeau at emergingthreats.net
Fri Nov 4 17:56:42 EDT 2016


 [***] Summary: [***]

 17 new Pro signatures.  Cerber, Dreambot, Friday, PoisonIvy.

 [+++]          Added rules:          [+++]

  2823099 - ETPRO TROJAN MSIL/DDI.Bot CnC Checkin (trojan.rules)
  2823100 - ETPRO TROJAN W32.Dreambot File Upload (Data Sent) (trojan.rules)
  2823101 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2016-11-04 1) (trojan.rules)
  2823102 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (bWFtY2hvbEB5YW5kZXgucnVfMDpoaXNka3Bja3ZtbHNzYWQ=) (trojan.rules)
  2823103 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (T21lR2FfdGVzdDp0ZXN0) (trojan.rules)
  2823104 - ETPRO TROJAN DNS Query to Cerber Domain (sotn58 . top) (trojan.rules)
  2823105 - ETPRO TROJAN DNS Query to Cerber Domain (d4u711 . bid) (trojan.rules)
  2823106 - ETPRO TROJAN DNS Query to Cerber Domain (js43vy . bid) (trojan.rules)
  2823107 - ETPRO TROJAN DNS Query to Cerber Domain (bipa9k . top) (trojan.rules)
  2823108 - ETPRO TROJAN DNS Query to Cerber Domain (rbrkng . bid) (trojan.rules)
  2823109 - ETPRO TROJAN DNS Query to Cerber Domain (gmnjzj . bid) (trojan.rules)
  2823110 - ETPRO TROJAN DNS Query to Cerber Domain (liesshall . bid) (trojan.rules)
  2823111 - ETPRO TROJAN DNS Query to Cerber Domain (cv3fdi . bid) (trojan.rules)
  2823112 - ETPRO TROJAN DNS Query to Cerber Domain (unzcm1 . bid) (trojan.rules)
  2823113 - ETPRO TROJAN DNS Query to Cerber Domain (vx5whc . bid) (trojan.rules)
  2823116 - ETPRO TROJAN PoisonIvy Keepalive to CnC 581 (trojan.rules)
  2823117 - ETPRO INFO Possibly Malicious DNS TXT Response Contains URL (info.rules)


 [///]     Modified active rules:     [///]

  2022970 - ET TROJAN W32.Dreambot File Upload (No Data Sent) (trojan.rules)
  2811773 - ETPRO TROJAN MSIL/Kryptik Variant Keepalive (trojan.rules)
  2811774 - ETPRO TROJAN Worm Win32/Rebhip.Z Variant Checkin (trojan.rules)
  2823044 - ETPRO TROJAN W32.Dreambot Checkin (trojan.rules)
  2823092 - ETPRO MALWARE Win32/CainCleaner.D CnC 1 (malware.rules)
  2823093 - ETPRO MALWARE Win32/CainCleaner.D CnC 2 (malware.rules)


 [---]  Disabled and modified rules:  [---]

  2822584 - ETPRO TROJAN Ursnif Variant CnC Beacon 6 (trojan.rules)
  2823079 - ETPRO TROJAN APT28 DealersChoice CnC Beacon M2 (trojan.rules)


 [---]         Removed rules:         [---]

  2809030 - ETPRO TROJAN Possibly Malicious DNS TXT Response Contains URL (trojan.rules)

