[Emerging-updates] Daily Ruleset Update Summary 2017/02/28

Francis Trudeau ftrudeau at emergingthreats.net
Tue Feb 28 16:58:08 EST 2017


 [***] Summary: [***]

 7 new Open signatures, 18 new Pro (7 + 11).  Pteranodon Backdoor,
Gamaredon, Infostealer.Bancos ProxyChanger.

 [+++]          Added rules:          [+++]

 Open:

  2024022 - ET TROJAN Pteranodon Backdoor Checkin (trojan.rules)
  2024023 - ET TROJAN Pteranodon Backdoor CnC POST (trojan.rules)
  2024024 - ET TROJAN Pteranodon Variant 1 Backdoor Checkin (trojan.rules)
  2024025 - ET TROJAN Pteranodon Variant 2 Backdoor Checkin (trojan.rules)
  2024026 - ET TROJAN Pteranodon Variant 3 Backdoor Checkin (trojan.rules)
  2024027 - ET TROJAN Gamaredon File Stealer POST (trojan.rules)
  2024028 - ET TROJAN Infostealer.Bancos ProxyChanger Checkin (trojan.rules)

 Pro:

  2825152 - ETPRO MALWARE MSIL/Adware.Dotdo.AP Checkin 2 (malware.rules)
  2825153 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.NM Checkin (mobile_malware.rules)
  2825154 - ETPRO MOBILE_MALWARE Android/Mseg.B CnC Beacon (mobile_malware.rules)
  2825155 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Feb 28 2017 (current_events.rules)
  2825156 - ETPRO TROJAN DNS Query to Cerber Domain (14kfoz . top) (trojan.rules)
  2825157 - ETPRO TROJAN DNS Query to Cerber Domain (13g2v9 . top) (trojan.rules)
  2825158 - ETPRO TROJAN DNS Query to Cerber Domain (1daq6h . top) (trojan.rules)
  2825159 - ETPRO TROJAN DNS Query to Cerber Domain (1jh5kv . top) (trojan.rules)
  2825160 - ETPRO TROJAN DNS Query to Cerber Domain (1kq4l8 . top) (trojan.rules)
  2825161 - ETPRO TROJAN DNS Query to Cerber Domain (1ebvqb . top) (trojan.rules)
  2825162 - ETPRO TROJAN DNS Query to Cerber Domain (1bywu2 . top) (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2809512 - ETPRO EXPLOIT Possible IPMI 1.5 Session-ID Exploit Attempt CVE-2014-8272 (exploit.rules)