[Emerging-updates] Daily Ruleset Update Summary 2017/02/10

Francis Trudeau ftrudeau at emergingthreats.net
Fri Feb 10 17:44:48 EST 2017


 [***] Summary: [***]

 1 new Open signature, 18 new Pro (1 + 17).  Cerber, Secapk, NanoCore, Locker.Q.

 [+++]          Added rules:          [+++]

 Open:

  2023892 - ET INFO MP4 in HTTP Flowbit Set M2 (info.rules)

 Pro:

  2824877 - ETPRO MOBILE_MALWARE PUA Android/Secapk.E Checkin (mobile_malware.rules)
  2824878 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Contacts Exfil via SMTP 3 (mobile_malware.rules)
  2824879 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Contacts Exfil via SMTP 4 (mobile_malware.rules)
  2824880 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.QA CnC Beacon (mobile_malware.rules)
  2824881 - ETPRO TROJAN NanoCore RAT CnC 24 (trojan.rules)
  2824882 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.ar Checkin (mobile_malware.rules)
  2824883 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup (mobile_malware.rules)
  2824884 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup (mobile_malware.rules)
  2824885 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup (mobile_malware.rules)
  2824886 - ETPRO TROJAN DNS Query to Cerber Domain (1fqwek . top) (trojan.rules)
  2824887 - ETPRO TROJAN DNS Query to Cerber Domain (1bj4k9 . top) (trojan.rules)
  2824888 - ETPRO TROJAN DNS Query to Cerber Domain (1dz7gk . top) (trojan.rules)
  2824889 - ETPRO TROJAN DNS Query to Cerber Domain (1l4zyd . top) (trojan.rules)
  2824890 - ETPRO TROJAN DNS Query to Cerber Domain (1d8m97 . top) (trojan.rules)
  2824891 - ETPRO TROJAN DNS Query to Cerber Domain (1h23cc . top) (trojan.rules)
  2824892 - ETPRO TROJAN DNS Query to Cerber Domain (1bvadx . top) (trojan.rules)
  2824893 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-10 1) (trojan.rules)


 [///]     Modified active rules:     [///]

  2023713 - ET INFO MP4 in HTTP Flowbit Set (info.rules)
  2809636 - ETPRO MOBILE_MALWARE Android/Locker.Q Checkin (mobile_malware.rules)


 [---]  Disabled and modified rules:  [---]

  2824841 - ETPRO WEB_SERVER Expression Engine CMS Type Juggling Exploit Attempt (web_server.rules)

