[Emerging-updates] Daily Ruleset Update Summary 2017/11/21

Francis Trudeau ftrudeau at emergingthreats.net
Tue Nov 21 10:22:18 EST 2017


 [***] Summary: [***]

 25 new Pro signatures.  Lazarus, Various MalDocs.

 [+++]          Added rules:          [+++]

  2828652 - ETPRO POLICY LabTechAgent PUA CnC Checkin (policy.rules)
  2828665 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc HTA Download) (trojan.rules)
  2828666 - ETPRO TROJAN Observed Malicious MalDoc HTA DL Domain In SNI (fbcom .review) (trojan.rules)
  2828667 - ETPRO TROJAN MSIL/Agent.ATK POST to CnC (trojan.rules)
  2828668 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
  2828669 - ETPRO TROJAN Observed Malicious MalDoc DL Domain In SNI (temizlikhizmetleri .net) (trojan.rules)
  2828670 - ETPRO INFO Dynamic DNS Domain (*.punkdns .top in DNS Lookup) (info.rules)
  2828671 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 1 (mobile_malware.rules)
  2828672 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 2 (mobile_malware.rules)
  2828673 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 3 (mobile_malware.rules)
  2828674 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 4 (mobile_malware.rules)
  2828675 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 5 (mobile_malware.rules)
  2828676 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 6 (mobile_malware.rules)
  2828677 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 7 (mobile_malware.rules)
  2828678 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 8 (mobile_malware.rules)
  2828679 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 9 (mobile_malware.rules)
  2828680 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 10 (mobile_malware.rules)
  2828681 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 11 (mobile_malware.rules)
  2828682 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 12 (mobile_malware.rules)
  2828683 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 13 (mobile_malware.rules)
  2828684 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 14 (mobile_malware.rules)
  2828685 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 15 (mobile_malware.rules)
  2828686 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 16 (mobile_malware.rules)
  2828687 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus SSL CnC Cert (mobile_malware.rules)
  2828688 - ETPRO USER_AGENTS IoT FamilyHub UA (Tizen) (user_agents.rules)


 [///]     Modified active rules:     [///]

  2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
  2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
  2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
  2826995 - ETPRO MALWARE PUA Win32/SlimCleaner Checkin (malware.rules)