[Emerging-updates] Daily Ruleset Update Summary 2017/02/08

Francis Trudeau ftrudeau at emergingthreats.net
Wed Feb 8 18:13:40 EST 2017


 [***] Summary: [***]

 3 new Open signatures, 36 new Pro (3 + 33).  Alreay Banker, KilerRAT,
TorrentLocker, Serpent Ransomware, RocketKitten.

 Thanks:  Jeremy MJ.

 [+++]          Added rules:          [+++]

 Open:

  2023884 - ET TROJAN Banker.Win32.Alreay DNS Lookup (tradeboard .mefound .com) (trojan.rules)
  2023885 - ET TROJAN Banker.Win32.Alreay DNS Lookup (movis-es .ignorelist .com) (trojan.rules)
  2023886 - ET TROJAN Banker.Win32.Alreay DNS Lookup (exbonus .mrbasic .com) (trojan.rules)

 Pro:

  2824829 - ETPRO TROJAN KilerRAT Variant CnC Command (ll) (trojan.rules)
  2824830 - ETPRO TROJAN KilerRAT Variant CnC Command (Screen Capture) (trojan.rules)
  2824831 - ETPRO TROJAN KilerRAT Variant CnC Command Response (inv) (trojan.rules)
  2824832 - ETPRO TROJAN KilerRAT Variant CnC Command (Get Passwords) (trojan.rules)
  2824833 - ETPRO TROJAN KilerRAT Variant CnC Command (Remote Desktop) (trojan.rules)
  2824834 - ETPRO TROJAN KilerRAT Variant CnC Command (Remote Desktop) (trojan.rules)
  2824835 - ETPRO TROJAN KilerRAT Variant CnC Command (act) (trojan.rules)
  2824836 - ETPRO TROJAN KilerRAT Variant CnC Command (inf) (trojan.rules)
  2824837 - ETPRO TROJAN Win32/Agent.RSY AIM Signon (trojan.rules)
  2824838 - ETPRO TROJAN Win32/Agent.RSY AIM Sending Machine Info (trojan.rules)
  2824839 - ETPRO TROJAN Win32/Agent.RSY AIM Sending Machine Info (trojan.rules)
  2824840 - ETPRO TROJAN Win32/Agent.RSY AIM Sending Machine Info (trojan.rules)
  2824841 - ETPRO WEB_SERVER Expression Engine CMS Type Juggling Exploit Attempt (web_server.rules)
  2824842 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2) (trojan.rules)
  2824843 - ETPRO MALWARE Win32/DownloadAdmin.AA PUP CnC Beacon (malware.rules)
  2824844 - ETPRO MALWARE Win32/Rising.B PUP CnC Beacon (malware.rules)
  2824845 - ETPRO MALWARE PUP/MailRu.B CnC Beacon (malware.rules)
  2824846 - ETPRO TROJAN Win32/Spy.Banker.ACVB CnC Beacon (trojan.rules)
  2824848 - ETPRO TROJAN Odinaff Malicious SSL Certificate Detected (trojan.rules)
  2824849 - ETPRO TROJAN Serpent Ransomware Onion Domain (trojan.rules)
  2824850 - ETPRO TROJAN Serpent Ransomware Domain (trojan.rules)
  2824851 - ETPRO TROJAN Serpent Ransomware Domain (trojan.rules)
  2824852 - ETPRO TROJAN Digisom Ransomware CnC Checkin (trojan.rules)
  2824853 - ETPRO TROJAN RocketKitten Win32.Diple.gtyj CnC Beacon (trojan.rules)
  2824854 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish M1 Feb 08 2017 (current_events.rules)
  2824855 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish M2 Feb 08 2017 (current_events.rules)
  2824856 - ETPRO CURRENT_EVENTS Successful Santander Bank (BR) Phish Feb 08 2017 (current_events.rules)
  2824857 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish M1 Feb 08 2017 (current_events.rules)
  2824858 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish M2 Feb 08 2017 (current_events.rules)
  2824859 - ETPRO CURRENT_EVENTS Successful Sparkasse Bank (DE) Phish Feb 08 2017 (current_events.rules)
  2824860 - ETPRO CURRENT_EVENTS Successful Outlook (FR) Phish Feb 08 2017 (current_events.rules)
  2824861 - ETPRO CURRENT_EVENTS Successful DHL Phish (Meta HTTP-Equiv Refresh) Feb 08 2017 (current_events.rules)
  2824862 - ETPRO CURRENT_EVENTS Successful Mailbox Validation Phish Feb 08 2017 (current_events.rules)


 [///]     Modified active rules:     [///]

  2803851 - ETPRO WEB_CLIENT Microsoft Internet Explorer remote code execution via option element (web_client.rules)
  2816102 - ETPRO CURRENT_EVENTS Successful Generic Phish (Redirect to Download PDF) Feb 8 (current_events.rules)
  2824134 - ETPRO CURRENT_EVENTS Successful Generic Phish (Meta HTTP-Equiv Refresh) Dec 29 2016 (current_events.rules)

