[Emerging-updates] Daily Ruleset Update Summary 2017/11/22

Francis Trudeau ftrudeau at emergingthreats.net
Wed Nov 22 14:05:50 EST 2017


 [***] Summary: [***]

 6 new Open signatures, 17 new Pro (6 + 11).  NanoCore, CoinMiners.

 Thanks:  @AttackDetection

 [+++]          Added rules:          [+++]

 Open:

  2025014 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 1 (mobile_malware.rules)
  2025015 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 2 (mobile_malware.rules)
  2025016 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 3 (mobile_malware.rules)
  2025017 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 4 (mobile_malware.rules)
  2025018 - ET TROJAN Possible NanoCore C2 64B (trojan.rules)
  2025019 - ET TROJAN Possible NanoCore C2 60B (trojan.rules)

 Pro:

  2828689 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 1) (trojan.rules)
  2828690 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 2) (trojan.rules)
  2828691 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 3) (trojan.rules)
  2828692 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 4) (trojan.rules)
  2828693 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 5) (trojan.rules)
  2828694 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 6) (trojan.rules)
  2828695 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 7) (trojan.rules)
  2828696 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 8) (trojan.rules)
  2828697 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 9) (trojan.rules)
  2828698 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 10) (trojan.rules)
  2828699 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-22 11) (trojan.rules)


 [///]     Modified active rules:     [///]

  2017707 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 4 (trojan.rules)
  2024420 - ET TROJAN MalDoc Retrieving Malicious Payload (Possibly Ursnif) (trojan.rules)

