[Emerging-updates] Daily Ruleset Update Summary 2017/02/22

Francis Trudeau ftrudeau at emergingthreats.net
Wed Feb 22 17:27:54 EST 2017


 [***] Summary: [***]

 1 new Open signature, 29 new Pro.  VenusLocker, Loda Logger, Kovter.

 Thanks:  Jeremy MJ.

 [+++]          Added rules:          [+++]

 Open:

  2024006 - ET INFO Opera Adblocker Update Flowbit Set (info.rules)

 Pro:

  2825063 - ETPRO TROJAN PowerShell Empire Request HTTP Pattern (trojan.rules)
  2825064 - ETPRO TROJAN PowerShell Empire Response HTTP Pattern (trojan.rules)
  2825065 - ETPRO TROJAN Spora .onion Proxy Domain (trojan.rules)
  2825066 - ETPRO TROJAN W32/VenusLocker Ransomware Desktop Background Image GET Request 2 (trojan.rules)
  2825067 - ETPRO TROJAN W32/VenusLocker Ransomware Key Generation (trojan.rules)
  2825068 - ETPRO TROJAN W32/VenusLocker Ransomware Key Generation Success (trojan.rules)
  2825069 - ETPRO CURRENT_EVENTS Successful IRS Phish M1 Feb 22 2017 (current_events.rules)
  2825070 - ETPRO CURRENT_EVENTS Successful IRS Phish M2 Feb 22 2017 (current_events.rules)
  2825071 - ETPRO CURRENT_EVENTS Successful IRS Phish M3 Feb 22 2017 (current_events.rules)
  2825072 - ETPRO CURRENT_EVENTS Unk.MalDoc CnC Checkin (current_events.rules)
  2825073 - ETPRO CURRENT_EVENTS Evil Redirector Leading to Kovter Soceng Feb 21 2017 (current_events.rules)
  2825074 - ETPRO TROJAN Kovter Soceng SSL Certificate Detected (trojan.rules)
  2825075 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-21 1) (trojan.rules)
  2825076 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-21 2) (trojan.rules)
  2825077 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-21 3) (trojan.rules)
  2825078 - ETPRO TROJAN DNS Query to Cerber Domain (12c8ff . top) (trojan.rules)
  2825079 - ETPRO TROJAN DNS Query to Cerber Domain (1dyzdh . top) (trojan.rules)
  2825080 - ETPRO TROJAN DNS Query to Cerber Domain (13upky . top) (trojan.rules)
  2825081 - ETPRO TROJAN DNS Query to Cerber Domain (1gqqsc . top) (trojan.rules)
  2825082 - ETPRO TROJAN DNS Query to Cerber Domain (1cggqc . top) (trojan.rules)
  2825083 - ETPRO TROJAN DNS Query to Cerber Domain (12ulcz . top) (trojan.rules)
  2825084 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.Z Config Download (mobile_malware.rules)
  2825085 - ETPRO TROJAN Loda Logger Screenshot Request (trojan.rules)
  2825086 - ETPRO TROJAN Loda Logger Module Download Request (trojan.rules)
  2825087 - ETPRO TROJAN Loda Logger Module Execute Request (trojan.rules)
  2825088 - ETPRO TROJAN Loda Logger List Disk Drives Request (trojan.rules)
  2825089 - ETPRO TROJAN Loda Logger List Desktop Files Request (trojan.rules)
  2825090 - ETPRO TROJAN Loda Logger List Disk Drive Files Request (trojan.rules)


 [///]     Modified active rules:     [///]

  2014545 - ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS (current_events.rules)
  2022466 - ET CURRENT_EVENTS Possible Keitaro TDS Redirect (current_events.rules)
  2809563 - ETPRO MOBILE_MALWARE Android.Trojan.Lovespy.D Checkin (mobile_malware.rules)
  2812559 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Aug 20 1 (current_events.rules)
  2822116 - ETPRO TROJAN Loda Logger CnC Beacon (trojan.rules)
  2822117 - ETPRO TROJAN Loda Logger CnC Beacon Response (trojan.rules)
  2822647 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 14 2016 (current_events.rules)
  2824604 - ETPRO MOBILE_MALWARE Anubis Android Loader Checkin (mobile_malware.rules)

