[Emerging-updates] Daily Ruleset Update Summary 2017/03/24

Francis Trudeau ftrudeau at emergingthreats.net
Fri Mar 24 17:57:24 EDT 2017


 [***] Summary: [***]

 23 new Pro signatures.  Misdat/Poldat, Samsam Ransomware, CVE-2017-0154.

 [+++]          Added rules:          [+++]

  2825584 - ETPRO TROJAN Targeted Unknown Bot CnC Beacon (trojan.rules)
  2825585 - ETPRO TROJAN Misdat/Poldat Variant CnC Beacon (trojan.rules)
  2825586 - ETPRO TROJAN SpyLuk RAT Checkin (trojan.rules)
  2825587 - ETPRO MOBILE_MALWARE Android/Spy.Banker.IE Checkin (mobile_malware.rules)
  2825588 - ETPRO MOBILE_MALWARE Android/Spy.Banker.IE Checkin 2 (mobile_malware.rules)
  2825589 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello (trojan.rules)
  2825590 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello (trojan.rules)
  2825591 - ETPRO EXPLOIT Possible Internet Explorer 11 UXSS (CVE-2017-0154) M2 (exploit.rules)
  2825592 - ETPRO TROJAN DNS Query to Sage Domain (we0sgd . com) (trojan.rules)
  2825593 - ETPRO TROJAN DNS Query to Sage Domain (lfsjkad . net) (trojan.rules)
  2825594 - ETPRO TROJAN DNS Query to Sage Domain (yio3lvx . com) (trojan.rules)
  2825595 - ETPRO TROJAN DNS Query to Cerber Domain (1pglcs . top) (trojan.rules)
  2825596 - ETPRO TROJAN DNS Query to Cerber Domain (1js3tl . top) (trojan.rules)
  2825597 - ETPRO TROJAN DNS Query to Cerber Domain (12t3rn . top) (trojan.rules)
  2825598 - ETPRO TROJAN DNS Query to Cerber Domain (1cewld . top) (trojan.rules)
  2825599 - ETPRO TROJAN DNS Query to TorrentLocker Domain (hoptrop . pl) (trojan.rules)
  2825600 - ETPRO TROJAN DNS Query to TorrentLocker Domain (mailteam . pl) (trojan.rules)
  2825601 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontymen . pl) (trojan.rules)
  2825602 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 1) (trojan.rules)
  2825603 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 2) (trojan.rules)
  2825604 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 3) (trojan.rules)
  2825605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 4) (trojan.rules)
  2825606 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 5) (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2824316 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2946) (web_client.rules)