[Emerging-updates] Daily Ruleset Update Summary 2016/11/07

Francis Trudeau ftrudeau at emergingthreats.net
Mon Nov 7 17:09:14 EST 2016


 [***] Summary: [***]

 2 new Open signatures, 19 new Pro (2 + 17).  Cerber, Pegasus Safari
Exploit, Gootkit, Hancitor.

 Thanks:  @a_de_pasquale.

 [+++]          Added rules:          [+++]

 Open:

  2023484 - ET EXPLOIT Possible iOS Pegasus Safari Exploit
(CVE-2016-4657) (exploit.rules)
  2023485 - ET TROJAN Unknown Malicious JS Checkin (trojan.rules)

 Pro:

  2823118 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-11-07 1) (trojan.rules)
  2823119 - ETPRO TROJAN DNS Query to Cerber Domain (itdrink . club)
(trojan.rules)
  2823120 - ETPRO TROJAN DNS Query to Cerber Domain (jal9lk . bid)
(trojan.rules)
  2823121 - ETPRO TROJAN DNS Query to Cerber Domain (0ndl3j . bid)
(trojan.rules)
  2823122 - ETPRO TROJAN DNS Query to Cerber Domain (t0su8p . bid)
(trojan.rules)
  2823123 - ETPRO TROJAN DNS Query to Cerber Domain (yg767p . bid)
(trojan.rules)
  2823124 - ETPRO TROJAN DNS Query to Cerber Domain (goshare . red)
(trojan.rules)
  2823125 - ETPRO TROJAN DNS Query to Cerber Domain (fgzgvw . bid)
(trojan.rules)
  2823126 - ETPRO TROJAN DNS Query to Cerber Domain (bipa9k . bid)
(trojan.rules)
  2823127 - ETPRO TROJAN DNS Query to Cerber Domain (9473jk . top)
(trojan.rules)
  2823128 - ETPRO TROJAN DNS Query to Cerber Domain (69ju9u . bid)
(trojan.rules)
  2823129 - ETPRO TROJAN PoisonIvy Keepalive to CnC 582 (trojan.rules)
  2823130 - ETPRO TROJAN PoisonIvy Keepalive to CnC 583 (trojan.rules)
  2823131 - ETPRO TROJAN W32.Unknown Checkin (FB Fraud) (trojan.rules)
  2823132 - ETPRO TROJAN Known Malicious PNG HTTP Download (Hancitor)
(trojan.rules)
  2823133 - ETPRO TROJAN Malicious SSL certificate detected (Gootkit
CnC) (trojan.rules)
  2823134 - ETPRO TROJAN Malicious SSL certificate detected (Gootkit
CnC) (trojan.rules)


 [///]     Modified active rules:     [///]

  2814577 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 1
(dns.rules)
  2821875 - ETPRO TROJAN Win32/Remcos RAT Checkin (trojan.rules)

