[Emerging-updates] Daily Ruleset Update Summary 2017/02/13

Francis Trudeau ftrudeau at emergingthreats.net
Mon Feb 13 17:31:21 EST 2017


 [***] Summary: [***]

 6 new Open signatures, 44 new Pro (6 + 38).  Qadars, SunDown EK,
Pegasus, Kovter.

 Thanks, James Lay, @cyber_attacks and @FiloSottile.

 [+++]          Added rules:          [+++]

 Open:

  2023893 - ET TROJAN Qadars CnC DNS Lookup (bst2bgxin81a.org) (trojan.rules)
  2023894 - ET TROJAN Qadars CnC DNS Lookup (websecuranalityc.com) (trojan.rules)
  2023895 - ET TROJAN Qadars CnC DNS Lookup (liveskansys.com) (trojan.rules)
  2023896 - ET EXPLOIT Possible Ticketbleed Client Hello (CVE-2016-9244) (exploit.rules)
  2023897 - ET EXPLOIT Possible Ticketbleed Server Hello (CVE-2016-9244) (exploit.rules)
  2023898 - ET TROJAN Possible Pegasus Related DNS Lookup (iusacell-movil .com.mx) (trojan.rules)
  2023899 - ET TROJAN Possible Pegasus Related DNS Lookup (smsmensaje .mx) (trojan.rules)

 Pro:

  2824894 - ETPRO TROJAN MSIL/Unk.HTTP Bot CnC Activity (trojan.rules)
  2824895 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Feb 12 2017 (current_events.rules)
  2824896 - ETPRO TROJAN Ransomware CnC DNS Lookup (btbord . org) (trojan.rules)
  2824897 - ETPRO MALWARE Win32/Adware.Ymeta.A CnC Beacon (malware.rules)
  2824898 - ETPRO MOBILE_MALWARE Android/SMSreg.TD Checkin 2 (mobile_malware.rules)
  2824899 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M1 (current_events.rules)
  2824900 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M2 (current_events.rules)
  2824901 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M3 (current_events.rules)
  2824902 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M4 (current_events.rules)
  2824903 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M5 (current_events.rules)
  2824904 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M6 (current_events.rules)
  2824905 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M7 (current_events.rules)
  2824906 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M8 (current_events.rules)
  2824907 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M9 (current_events.rules)
  2824908 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 10 (current_events.rules)
  2824909 - ETPRO CURRENT_EVENTS Possible SunDown EK Payload Feb 13 2017 (current_events.rules)
  2824910 - ETPRO CURRENT_EVENTS Possible Secondary SunDown EK Landing URI Struct Jan 05 2017 (current_events.rules)
  2824911 - ETPRO CURRENT_EVENTS SunDown EK Prefilter Feb 13 2017 (current_events.rules)
  2824912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-13 1) (trojan.rules)
  2824913 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
  2824914 - ETPRO TROJAN Possible Remcos/Remvio DNS Lookup (trojan.rules)
  2824915 - ETPRO POLICY Possible GameVance HTTP Request (policy.rules)
  2824916 - ETPRO MOBILE_MALWARE PUA Android/Odpa.A Checkin (mobile_malware.rules)
  2824917 - ETPRO TROJAN Win32/Kovter.A Connectivy Check (trojan.rules)
  2824918 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
  2824919 - ETPRO TROJAN Win32/Zbot Client Checkin M3 (trojan.rules)
  2824920 - ETPRO MOBILE_MALWARE Android/Monitor.Mytrackp.C Checkin (mobile_malware.rules)
  2824921 - ETPRO TROJAN Banker.Win32.Alreay DNS Lookup (trojan.rules)
  2824922 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account Phish Feb 13 2017 (current_events.rules)
  2824923 - ETPRO CURRENT_EVENTS Apple Phishing Landing M1 Feb 13 2017 (current_events.rules)
  2824924 - ETPRO CURRENT_EVENTS Apple Phishing Landing M2 Feb 13 2017 (current_events.rules)
  2824925 - ETPRO CURRENT_EVENTS Successful Khaleeji Commercial Bank Phish Feb 13 2017 (current_events.rules)
  2824926 - ETPRO CURRENT_EVENTS Successful Societe Generale (FR) Phish M1 Feb 13 2017 (current_events.rules)
  2824927 - ETPRO CURRENT_EVENTS Successful Societe Generale (FR) Phish M2 Feb 13 2017 (current_events.rules)
  2824928 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Feb 13 2017 (current_events.rules)
  2824929 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Feb 13 2017 (current_events.rules)
  2824930 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Feb 13 2017 (current_events.rules)
  2824931 - ETPRO TROJAN Observed Malicious JS Domain in SSL SNI (trojan.rules)


 [///]     Modified active rules:     [///]

  2811866 - ETPRO MOBILE_MALWARE Android/SMSreg.TD Checkin (mobile_malware.rules)
  2821840 - ETPRO MOBILE_MALWARE Android/SMForw.MV Checkin (mobile_malware.rules)
  2823855 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 (current_events.rules)

