[Emerging-updates] Daily Ruleset Update Summary 2017/11/10

Travis Green tgreen at emergingthreats.net
Fri Nov 10 11:21:03 EST 2017


[***]            Summary:            [***]

20 new Pro. MSIL/Adware.iBryte.H Variant, Various Phishing, Various Mobile.


[+++]          Added rules:          [+++]

Pro:

 2828601 - ETPRO MALWARE MSIL/Adware.iBryte.H Variant Checkin
(malware.rules)
 2828602 - ETPRO CURRENT_EVENTS Apple Phishing Landing Nov 10 2017
(current_events.rules)
 2828603 - ETPRO CURRENT_EVENTS Successful Telstra Phish Nov 10 2017
(current_events.rules)
 2828604 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Nov 10 2017
(current_events.rules)
 2828605 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Nov 10 2017
(current_events.rules)
 2828606 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Nov 10 2017
(current_events.rules)
 2828607 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 10 2017
(current_events.rules)
 2828608 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Nov 10 2017
(current_events.rules)
 2828609 - ETPRO TROJAN Cerber Domain Observed (12kb9j .top in DNS Lookup)
(trojan.rules)
 2828610 - ETPRO TROJAN Cerber Domain Observed (12kb9j .top in TLS SNI)
(trojan.rules)
 2828611 - ETPRO TROJAN Cerber Domain Observed (12u5fl .top in DNS Lookup)
(trojan.rules)
 2828612 - ETPRO TROJAN Cerber Domain Observed (12u5fl .top in TLS SNI)
(trojan.rules)
 2828613 - ETPRO TROJAN Cerber Domain Observed (1aweql .top in DNS Lookup)
(trojan.rules)
 2828614 - ETPRO TROJAN Cerber Domain Observed (1aweql .top in TLS SNI)
(trojan.rules)
 2828615 - ETPRO TROJAN Cerber Domain Observed (bestergo .pw in DNS Lookup)
(trojan.rules)
 2828616 - ETPRO TROJAN Cerber Domain Observed (bestergo .pw in TLS SNI)
(trojan.rules)
 2828617 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
245 (mobile_malware.rules)
 2828618 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-10 1) (trojan.rules)
 2828619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-10 2) (trojan.rules)
 2828620 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-10 3) (trojan.rules)


[///]     Modified active rules:     [///]

 2024420 - ET TROJAN MalDoc Retrieving Malicious Payload (Possibly Ursnif)
(trojan.rules)
 2812900 - ETPRO CURRENT_EVENTS Successful Telstra Phish M1 Sept 04 2015
(current_events.rules)


[---]  Disabled and modified rules:  [---]

 2103195 - GPL NETBIOS name query overflow attempt TCP (netbios.rules)


[---]         Disabled rules:        [---]

 2007570 - ET MALWARE User-Agent (Dummy) (malware.rules)
 2007575 - ET MALWARE User-Agent (AntiSpyware) - Likely 2squared.com
related (malware.rules)
 2007690 - ET MALWARE IEDefender (iedefender.com) Fake Antispyware User
Agent (IEDefender 2.1) (malware.rules)
 2007692 - ET TROJAN Basine Trojan Checkin (trojan.rules)
 2007759 - ET MALWARE Alfaantivirus.com Fake Anti-Virus User-Agent (IM
Download) (malware.rules)
 2007772 - ET MALWARE User-Agent (Internet Explorer (compatible))
(malware.rules)
 2007808 - ET USER_AGENTS Cashpoint.com Related checkin User-Agent
(inetinst) (user_agents.rules)
 2007809 - ET MALWARE Doctorvaccine.co.kr Related Spyware-User Agent (ers)
(malware.rules)
 2007810 - ET USER_AGENTS Cashpoint.com Related checkin User-Agent
(okcpmgr) (user_agents.rules)
 2007864 - ET TROJAN Banload HTTP Checkin Detected (trojan.rules)
 2007899 - ET MALWARE User-Agent (HTTP_CONNECT) (malware.rules)
 2007901 - ET TROJAN Banker.OPX HTTP Checkin (trojan.rules)
 2007935 - ET MALWARE Geopia.com Fake Anti-Spyware/AV User-Agent
(fs3update) (malware.rules)
 2007938 - ET MALWARE Geopia.com Fake Anti-Spyware/AV User-Agent
(fian3manager) (malware.rules)
 2007940 - ET TROJAN Banker.ili HTTP Checkin (trojan.rules)
 2007946 - ET MALWARE User-Agent (popup) (malware.rules)
 2007947 - ET MALWARE Nguide.co.kr Fake Security Tool User-Agent (nguideup)
(malware.rules)
 2007957 - ET TROJAN Banker.ike UDP C&C (trojan.rules)
 2007958 - ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN)
(malware.rules)
 2007959 - ET MALWARE Msconfig.co.kr Related User-Agent (GLOBALx)
(malware.rules)
 2007977 - ET MALWARE Dokterfix.com Fake AV User-Agent (Magic NetInstaller)
(malware.rules)
 2007979 - ET TROJAN Backdoor.Win32.VB.brg C&C Reporting Version
(trojan.rules)
 2007980 - ET TROJAN Backdoor.Win32.VB.brg C&C Kill Command Send
(trojan.rules)
 2007981 - ET TROJAN Backdoor.Win32.VB.brg C&C Kill Command Acknowledge
(trojan.rules)
 2007982 - ET TROJAN Backdoor.Win32.VB.brg C&C DDoS Outbound (trojan.rules)
 2007984 - ET TROJAN Banker Trojan (General) HTTP Checkin (trojan.rules)
 2007993 - ET MALWARE User-Agent (2 spaces) (malware.rules)
 2008000 - ET MALWARE Easydownloadsoft.com Fake Anti-Virus User-Agent (IM
Downloader) (malware.rules)
 2008046 - ET USER_AGENTS Rf-cheats.ru Trojan Related User-Agent (RFRudokop
v.1.1 account verification) (user_agents.rules)
 2008066 - ET MALWARE Blank User-Agent (descriptor but no string)
(malware.rules)
 2008145 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent
(SRInstaller) (malware.rules)
 2008146 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent
(SpeedRunner) (malware.rules)
 2008150 - ET MALWARE Avsystemcare.com Fake AV User-Agent (LocusSoftware
NetInstaller) (malware.rules)
 2008151 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent
(SRRecover) (malware.rules)
 2008190 - ET MALWARE WinButler User-Agent (WinButler) (malware.rules)
 2008198 - ET MALWARE Pcclear.co.kr/Pcclear.com Fake AV User-Agent
(PCClearPlus) (malware.rules)
 2008202 - ET MALWARE UbrenQuatroRusDldr Downloader User-Agent
(UbrenQuatroRusDldr 096044) (malware.rules)
 2008203 - ET MALWARE BndVeano4GetDownldr Downloader User-Agent
(BndVeano4GetDownldr) (malware.rules)
 2008204 - ET MALWARE yeps.co.kr Related User-Agent (ISecu) (malware.rules)
 2008205 - ET MALWARE yeps.co.kr Related User-Agent (ISUpd) (malware.rules)
 2008267 - ET TROJAN Banker.JU Related HTTP Post-infection Checkin
(trojan.rules)
 2008273 - ET TROJAN Bifrose Connect to Controller (trojan.rules)
 2008320 - ET TROJAN Banload Gadu-Gadu CnC Message Detected (trojan.rules)
 2008368 - ET TROJAN Unknown Keylogger checkin (trojan.rules)
 2008465 - ET TROJAN Backdoor Possible Backdoor.Cow Varient
(Backdoor.Win32.Agent.lam) C&C traffic (trojan.rules)
 2008484 - ET MALWARE Cleancop.co.kr Fake AV User-Agent (CleancopUpdate)
(malware.rules)
 2008485 - ET MALWARE Searchtool.co.kr Fake Product User-Agent
(searchtoolup) (malware.rules)
 2008502 - ET TROJAN Antispywareexpert.com Fake AS Install Checkin
(trojan.rules)
 2008507 - ET TROJAN Backdoor.Win32.VB.fdi Bot Reporting to Controller
(trojan.rules)
 2008511 - ET TROJAN Win32/Antivirus2008 Fake AV Install Report
(trojan.rules)
 2008519 - ET TROJAN Win32.Agent.zrm/Infostealer.Bancos Checkin
(trojan.rules)
 2008531 - ET TROJAN Infected System Looking up chr.santa-inbox.com CnC
Server (trojan.rules)
 2008549 - ET MALWARE Systemdoctor.com/Antivir2008 related Fake Anti-Virus
User-Agent (AntivirXP) (malware.rules)
 2008608 - ET USER_AGENTS WinFixer Trojan Related User-Agent (ElectroSun)
(user_agents.rules)
 2008647 - ET MALWARE Internet-antivirus.com Related Fake AV User-Agent
(Update Internet Antivirus) (malware.rules)
 2008656 - ET MALWARE AV2010 Rogue Security Application User-Agent (AV2010)
(malware.rules)
 2008681 - ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php
(malware.rules)
 2008742 - ET MALWARE Admoke/Adload.AFB!tr.dldr Checkin (malware.rules)
 2008743 - ET MALWARE User-Agent (bdsclk) - Possible Admoke Admware
(malware.rules)
 2008753 - ET MALWARE AdWare.Win32.Yokbar Checkin URL (malware.rules)
 2008757 - ET MALWARE Zenosearch Malware Checkin HTTP POST (malware.rules)
 2008839 - ET MALWARE AdWare.Win32.MWGuide checkin (malware.rules)
 2008840 - ET MALWARE AdWare.Win32.MWGuide keepalive (malware.rules)
 2008894 - ET MALWARE Popupblockade.com Spyware Related User-Agent
(PopupBlockade/1.63.0.2/Reg) (malware.rules)
 2009021 - ET MALWARE User-Agent (IE_6.0) (malware.rules)
 2009111 - ET MALWARE User-Agent (get_site1) (malware.rules)
 2009124 - ET MALWARE User-Agent (GETJOB) (malware.rules)
 2009129 - ET TROJAN Bifrose Response from Controller (PING PONG)
(trojan.rules)
 2009150 - ET MALWARE Viruskill.co.kr Fake AV User-Agent Detected
(virus_kill) (malware.rules)
 2009172 - ET TROJAN Psyb0t joining an IRC Channel (trojan.rules)
 2009289 - ET MALWARE No-ad.co.kr Fake AV Related User-Agent (U2Clean)
(malware.rules)
 2009297 - ET TROJAN Boaxxe HTTP POST Checkin (trojan.rules)
 2009349 - ET TROJAN Metafisher/Bzub/Cimuz/Tanspy Reporting User Activity
(trojan.rules)
 2009408 - ET TROJAN Patcher/Bankpatch V2 Communication with Controller
(trojan.rules)
 2009409 - ET TROJAN Patcher/Bankpatch Module Download Request
(trojan.rules)
 2009438 - ET MALWARE User-Agent (Mozilla/4.8 ru) (malware.rules)
 2009439 - ET MALWARE User-Agent (HelpSrvc) (malware.rules)
 2009453 - ET TROJAN BANLOAD Downloader GET Checkin (trojan.rules)
 2009487 - ET TROJAN Downloader Possible AV KILLER (trojan.rules)
 2009540 - ET TROJAN PCFlashbang.com Spyware Checkin (PCFlashBangA)
(trojan.rules)
 2009750 - ET TROJAN Banker/Bancos/Infostealer Possible Rootkit - HTTP HEAD
Request (trojan.rules)
 2009765 - ET MALWARE Pivim Multibar User-Agent (Pivim Multibar)
(malware.rules)
 2009796 - ET MALWARE FakeAV Windows Protection Suite/ReleaseXP.exe
User-Agent (Releasexp) (malware.rules)
 2009812 - ET TROJAN AVKiller with Backdoor checkin (trojan.rules)
 2009863 - ET TROJAN Banker Trojan CnC Hello Command (trojan.rules)
 2009995 - ET MALWARE User-Agent (ONANDON) (malware.rules)
 2010050 - ET TROJAN Likely Fake Antivirus Download Antivirus_21.exe
(trojan.rules)
 2010051 - ET TROJAN Likely Fake Antivirus Download ws.exe (trojan.rules)
 2010054 - ET TROJAN Likely TDSS Download (codec.exe) (trojan.rules)
 2010059 - ET TROJAN Likely Infostealer exe Download (trojan.rules)
 2010062 - ET TROJAN Likely Fake Antivirus Download AntivirusPlus.exe
(trojan.rules)
 2010148 - ET TROJAN DHL Spam Inbound (trojan.rules)
 2010218 - ET MALWARE Win32/InternetAntivirus User-Agent (Internet
Antivirus Pro) (malware.rules)
 2010266 - ET TROJAN Banload Checkin (trojan.rules)
 2010333 - ET MALWARE User-Agent (CrazyBro) (malware.rules)
 2010346 - ET TROJAN Ultimate HAckerz Team User-Agent (Made by
UltimateHackerzTeam) - Likely Trojan Report (trojan.rules)
 2010452 - ET TROJAN Potential Fake AV GET installer.1.exe (trojan.rules)
 2010453 - ET TROJAN Potential Fake AV GET installer_1.exe (trojan.rules)
 2010684 - ET TROJAN Likely Fake Antivirus Download Setup_2012.exe
(trojan.rules)
 2010696 - ET TROJAN Aurora Backdoor (C&C) connection CnC response
(trojan.rules)
 2010718 - ET TROJAN Gootkit Checkin User-Agent (Gootkit HTTP Client)
(trojan.rules)
 2010790 - ET TROJAN Bredavi Configuration Update Response (trojan.rules)
 2010904 - ET MALWARE Fake Mozilla User-Agent (Mozilla/0.xx) Inbound
(malware.rules)
 2010905 - ET MALWARE Fake Mozilla UA Outbound (Mozilla/0.xx)
(malware.rules)
 2010909 - ET TROJAN Arucer Command Execution (trojan.rules)
 2010910 - ET TROJAN Arucer DIR Listing (trojan.rules)
 2010911 - ET TROJAN Arucer WRITE FILE command (trojan.rules)
 2010912 - ET TROJAN Arucer READ FILE Command (trojan.rules)
 2010914 - ET TROJAN Arucer FIND FILE Command (trojan.rules)
 2010915 - ET TROJAN Arucer YES Command (trojan.rules)
 2010916 - ET TROJAN Arucer ADD RUN ONCE Command (trojan.rules)
 2010917 - ET TROJAN Arucer DEL FILE Command (trojan.rules)
 2011087 - ET MALWARE User-Agent (gomtour) (malware.rules)
 2011101 - ET MALWARE Recuva User-Agent (OpenPage) - likely trojan dropper
(malware.rules)
 2011105 - ET MALWARE User-Agent (i-scan) (malware.rules)
 2011148 - ET TROJAN Unknown Malware Download Request (trojan.rules)
 2011199 - ET TROJAN Outbound AVISOSVB MSSQL Request (trojan.rules)
 2011229 - ET MALWARE User-Agent (Suggestion) (malware.rules)
 2011679 - ET MALWARE User-Agent (dbcount) (malware.rules)
 2011691 - ET MALWARE Hotbar Agent User-Agent (PinballCorp) (malware.rules)
 2011718 - ET MALWARE User-Agent (RangeCheck/0.1) (malware.rules)
 2012583 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath
Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
 2012584 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH
Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
 2012604 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath
Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
 2012605 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH
Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
 2805559 - ETPRO TROJAN Spy.298841 Checkin (trojan.rules)
 2805561 - ETPRO TROJAN W32/Banbra.AVBB!tr Checkin (trojan.rules)
 2805562 - ETPRO TROJAN W32/VB.PGK!tr.dldr Checkin (trojan.rules)
 2805569 - ETPRO USER_AGENTS Win32/Adware.Kraddare.FS User-Agent(inter)
(user_agents.rules)
 2805575 - ETPRO TROJAN Win32/Chiviper.C Checkin (trojan.rules)
 2805576 - ETPRO TROJAN Win32/Chiviper.C Checkin response (trojan.rules)
 2805577 - ETPRO TROJAN W32/VBKrypt.MFXS!tr Checkin (trojan.rules)
 2805580 - ETPRO TROJAN Win32/Tufik.A Checkin (trojan.rules)
 2805584 - ETPRO SCADA Sinapsi eSolar Light Photovoltaic System Monitor
Login with hard coded account (scada.rules)
 2805585 - ETPRO SCADA Sinapsi eSolar Light Photovoltaic System Monitor
arbitrary command execution (scada.rules)
 2805587 - ETPRO TROJAN Trojan.Win32.Genome.aaxmm Checkin 2 (trojan.rules)
 2805589 - ETPRO TROJAN TR/Spy.Keylogg.AE.1 Checkin (trojan.rules)
 2805590 - ETPRO TROJAN W32/AutoIt.OU!tr Checkin (trojan.rules)
 2805594 - ETPRO TROJAN Exploit.PDF Checkin (trojan.rules)
 2805595 - ETPRO TROJAN Banload.XP Checkin (trojan.rules)
 2805600 - ETPRO TROJAN Win32.Agent.cuep Checkin (trojan.rules)
 2805603 - ETPRO MALWARE Win32/Adware.WiseLook.C Checkin (malware.rules)
 2805604 - ETPRO TROJAN Win32/Dunik!rts Checkin (trojan.rules)
 2805605 - ETPRO TROJAN Hoax.Win32.FakeHack.bj Checkin (trojan.rules)
 2805606 - ETPRO TROJAN Hotbar/Clickpotato.tv Checkin 2 (trojan.rules)
 2805609 - ETPRO TROJAN Xtrat/xRAT Checkin (trojan.rules)
 2805611 - ETPRO TROJAN Backdoor.Win32.Xdoor.21 Checkin (trojan.rules)
 2805612 - ETPRO TROJAN Win32/Banload.ALA MySQL Login (trojan.rules)
 2805613 - ETPRO TROJAN Trojan-DDoS.MSIL.Arcdoor.n Proxy Registration
(trojan.rules)
 2805614 - ETPRO TROJAN Troj/FakeAV-GBS Checkin (trojan.rules)
 2805618 - ETPRO TROJAN Worm.Win32/Hamweq.A Checkin (trojan.rules)
 2805622 - ETPRO TROJAN Trojan.Downloader.JuW@aqhxAYdi Checkin
(trojan.rules)
 2805623 - ETPRO TROJAN Win32/Banload.ALA CnC Response (trojan.rules)
 2805625 - ETPRO USER_AGENTS User-Agent (Kaka) (user_agents.rules)
 2805626 - ETPRO TROJAN Unknown Checkin (trojan.rules)
 2805627 - ETPRO TROJAN Backdoor.Win32.EggDrop.v IRC request (trojan.rules)
 2805630 - ETPRO TROJAN Email-Worm.Win32.Zhelatin.cj Checkin (trojan.rules)
 2805633 - ETPRO MALWARE AdWare.Win32.Kwsearchguide!IK Install
(malware.rules)
 2805634 - ETPRO TROJAN TROJ_GEN.RCBH1JN Checkin (trojan.rules)
 2805635 - ETPRO MALWARE Adware.DirectDownloader Checkin (malware.rules)
 2805639 - ETPRO TROJAN Virus.Trojan.Win32.Agent.gam Checkin (trojan.rules)
 2805640 - ETPRO TROJAN Backdoor.Win32.PcClient.cqm Checkin (trojan.rules)
 2805645 - ETPRO TROJAN TROJ_GEN.F47V1005 CnC traffic (trojan.rules)
 2805647 - ETPRO MALWARE Downloader.Genome.dbey Command receive
(malware.rules)
 2805648 - ETPRO MALWARE Adware.MWS Checkin (malware.rules)
 2805650 - ETPRO TROJAN Downloader.Win32.Agent.afrw Checkin (trojan.rules)
 2805652 - ETPRO TROJAN Variant.Kazy.95254 Checkin (trojan.rules)
 2805655 - ETPRO TROJAN Win32/Spy.Banker.XKV SQL Traffic (trojan.rules)
 2805659 - ETPRO TROJAN Win32/Dofoil.R Checkin (trojan.rules)
 2805662 - ETPRO MALWARE Unknown Malware Checkin (malware.rules)
 2805666 - ETPRO TROJAN Trojan-Downloader.Win32.FraudLoad.zdmn Redirection
(trojan.rules)
 2805673 - ETPRO TROJAN Worm.Win32/Vobfus.GD Checkin (trojan.rules)
 2805674 - ETPRO TROJAN Virus.Win32.Virut.a Proxy Registration
(trojan.rules)
 2805676 - ETPRO TROJAN Win32/FakeMSA.gen!A Checkin (trojan.rules)
 2805677 - ETPRO TROJAN W32/VBNA.B!worm Checkin (trojan.rules)
 2805678 - ETPRO TROJAN Worm.Win32/Vobfus.GD Checkin 2 (trojan.rules)
 2805682 - ETPRO NETBIOS Microsoft Windows Explorer Briefcase Database File
Integer Underflow (netbios.rules)
 2805684 - ETPRO NETBIOS Microsoft Windows Explorer Briefcase Database
Integer Overflow (netbios.rules)
 2805695 - ETPRO TROJAN W32/Delfloader.B.gen!Eldorado Checkin 2
(trojan.rules)
 2805696 - ETPRO TROJAN TR/Agent.1657856.1 Checkin (trojan.rules)
 2805697 - ETPRO TROJAN Backdoor.Win32.Shiz.dkg Checkin (trojan.rules)
 2805698 - ETPRO TROJAN WORM_MEDBOT.AI Checkin (trojan.rules)
 2805699 - ETPRO TROJAN W32/Dropper.P!tr Checkin (trojan.rules)
 2805700 - ETPRO TROJAN Trojan.Win32.Agent2.fjpq Checkin (trojan.rules)
 2805701 - ETPRO TROJAN Win32/Phintok.A Checkin 1 (trojan.rules)
 2805707 - ETPRO TROJAN Backdoor.Win32.DarkMoon.BE Checkin 1 (trojan.rules)
 2805708 - ETPRO TROJAN Backdoor.Win32.DarkMoon.BE Checkin 2 (trojan.rules)
 2805710 - ETPRO TROJAN PSW.LdPinch.NCB Reporting via SMTP (trojan.rules)
 2805711 - ETPRO TROJAN Trojan.Win32.Llac.cxaz Checkin (trojan.rules)
 2805712 - ETPRO TROJAN W32/Banker.ULW!tr Checkin (trojan.rules)
 2805714 - ETPRO TROJAN Win32/Tinxy.A / Worm.Win32.Koobface Checkin
(trojan.rules)
 2805715 - ETPRO TROJAN Trojan.Win32.Agent.angq / Worm.Win32.Koobface
Checkin (trojan.rules)
 2805716 - ETPRO TROJAN Win32.Doldow Trojan Checkin (trojan.rules)
 2805719 - ETPRO TROJAN Trojan-Proxy.Win32.Small.ai Checkin (trojan.rules)
 2805724 - ETPRO TROJAN Win32/Small.gen!M js check-in (trojan.rules)
 2805725 - ETPRO TROJAN Win32/Small.gen!M gif check (trojan.rules)
 2805726 - ETPRO TROJAN Win32/Small.gen!M Possible js C2 (trojan.rules)
 2805727 - ETPRO TROJAN Win32/Zlob.W Checkin (trojan.rules)
 2805728 - ETPRO TROJAN Win32.VB.bec/Genlot.AZI Checkin (trojan.rules)
 2805729 - ETPRO TROJAN liquid backdoor Checkin (trojan.rules)
 2805731 - ETPRO TROJAN Trojan-PSW.Win32.QQDragon.y Checkin (trojan.rules)
 2805732 - ETPRO TROJAN Backdoor Boomie.A Checkin Response/Egg Download
Command (trojan.rules)
 2805733 - ETPRO TROJAN Win32/Virut.BN Checkin 3 (trojan.rules)
 2805734 - ETPRO TROJAN Win32.Virtob Trojan Checkin (trojan.rules)
 2805735 - ETPRO TROJAN Backdoor Boomie.A Checkin Command 2 (trojan.rules)
 2805737 - ETPRO TROJAN Win32.Worm.Winko.I Checkin (trojan.rules)
 2805742 - ETPRO TROJAN Win32.HLLW.MyBot sending info (trojan.rules)
 2805744 - ETPRO MALWARE Adware.Kraddare!11iB0o+IEDU CnC 1 (malware.rules)
 2805745 - ETPRO MALWARE Adware.Kraddare!11iB0o+IEDU CnC 2 (malware.rules)
 2805746 - ETPRO TROJAN W32/Onlinegames.QNT!tr Checkin (trojan.rules)
 2805747 - ETPRO TROJAN Win32/Zegost.B CnC (trojan.rules)
 2805750 - ETPRO MALWARE Adware.Agent.FJ Checkin (malware.rules)
 2805751 - ETPRO TROJAN Trojan-Proxy.Win32.Ranky Checkin (trojan.rules)
 2805753 - ETPRO TROJAN Trojan/Genome.jpl Checkin (trojan.rules)
 2805754 - ETPRO TROJAN Trojan.Fakealert Checkin (trojan.rules)
 2805757 - ETPRO WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 -
Arbitrary file download 1 (web_specific_apps.rules)
 2805760 - ETPRO TROJAN Trojan.Win32.Besysad.a / TROJ_SMALL.AHF Checkin
(trojan.rules)
 2805763 - ETPRO TROJAN W32/Dloader.IRQ!tr Checkin (trojan.rules)
 2805764 - ETPRO TROJAN Win32/Frethem.S@mm Checkin (trojan.rules)
 2805766 - ETPRO TROJAN Win32/AgentBypass.gen!G Checkin 2 (trojan.rules)
 2805767 - ETPRO TROJAN Win32/Spy.Agent.OBQ / Backdoor.Win32.Nosrawec
Checkin (trojan.rules)
 2805769 - ETPRO TROJAN Trojan.Win32.Klovbot Checkin (trojan.rules)
 2805770 - ETPRO TROJAN Backdoor.Hallifez.A Trojan Checkin (trojan.rules)
 2805772 - ETPRO TROJAN Trojan-Ransomware Checkin (trojan.rules)
 2805774 - ETPRO TROJAN Backdoor.Ceckno.A Checkin (1) (trojan.rules)
 2805777 - ETPRO TROJAN Trojan-Proxy.Win32.Agent.di / TROJ_MSGINA.B Checkin
(trojan.rules)
 2805780 - ETPRO MALWARE AdWare.Win32.KSG.vl Checkin (malware.rules)
 2805805 - ETPRO TROJAN Win32.Downloader-RGC Downloading executable
(trojan.rules)
 2805807 - ETPRO TROJAN Win32/Comisproc Checkin (trojan.rules)
 2805822 - ETPRO TROJAN Android/Gmaster.A Checkin (trojan.rules)
 2805823 - ETPRO TROJAN Win32/Injector.Autoit.CI Checkin (trojan.rules)
 2805824 - ETPRO TROJAN Mal/FakeSg-B Checkin (trojan.rules)
 2805825 - ETPRO TROJAN Backdoor.Win32.Rbot.kkw Checkin (trojan.rules)
 2805836 - ETPRO TROJAN ponmocup Checkin 1 (trojan.rules)
 2805837 - ETPRO TROJAN ponmocup Checkin 2 (trojan.rules)
 2805838 - ETPRO TROJAN .Win32.Vobfus Trojan UA ????[A-F] (trojan.rules)
 2805839 - ETPRO TROJAN Win32/Tibs.gen!G / Trojan-Downloader.Win32.Zlob.jsq
Checkin (trojan.rules)
 2805846 - ETPRO TROJAN Cryp_Xin2/Clicker.Win32.Small.zy Checkin 3 qfa
(trojan.rules)
 2805848 - ETPRO MOBILE_MALWARE Exploit.Andr.Lotoor Checkin
(mobile_malware.rules)
 2805857 - ETPRO TROJAN Virus.Win32.Virut.a Proxy Registration 2
(trojan.rules)


[---]         Removed rules:         [---]

 2009028 - ET MALWARE 404 Response with an EXE Attached - Likely Malware
Drop (malware.rules)
 2010868 - ET MALWARE Incorrectly formatted User-Agent string (dashes
instead of semicolons) Likely Hostile (malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>