[Emerging-updates] Daily Ruleset Update Summary 2017/11/29

Travis Green tgreen at emergingthreats.net
Wed Nov 29 13:50:40 EST 2017


[***]            Summary:            [***]

5 new Pro. Magniber Domains, MSIL.ThorCrypt Coinminer.


 [+++]          Added rules:          [+++]

Pro:

  2828713 - ETPRO TROJAN Magniber C2 Domain (466z01c24629j4mwba7 in DNS Lookup) (trojan.rules)
  2828714 - ETPRO TROJAN Magniber C2 Domain (a65m0f2s2c8jqnm1z23 in DNS Lookup) (trojan.rules)
  2828715 - ETPRO TROJAN Magniber C2 Domain (jmo3s4fsck7dl2r6k06 in DNS Lookup) (trojan.rules)
  2828716 - ETPRO TROJAN Magniber C2 Domain (n03dnfbwe16ykbg09q3 in DNS Lookup) (trojan.rules)
  2828717 - ETPRO TROJAN Magniber C2 Domain (uto8fy4yb29t21h90xs in DNS Lookup) (trojan.rules)
  2828718 - ETPRO TROJAN Magniber C2 Domain (xbe90fo28cw428780p9 in DNS Lookup) (trojan.rules)
  2828719 - ETPRO TROJAN Magniber C2 Domain (y6k59ks6m902oi2946i in DNS Lookup) (trojan.rules)
  2828720 - ETPRO TROJAN Magniber C2 Domain (yju358dfc5rgh56ir19 in DNS Lookup) (trojan.rules)
  2828721 - ETPRO TROJAN MSIL.ThorCrypt Coinminer Retrieving Module (trojan.rules)
  2828722 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin M2 (trojan.rules)
  2828723 - ETPRO TROJAN Ars Stealer CnC Checkin (trojan.rules)
  2828724 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-29 1) (trojan.rules)
  2828725 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-29 2) (trojan.rules)
  2828726 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-29 3) (trojan.rules)
  2828727 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-29 4) (trojan.rules)


 [///]     Modified active rules:     [///]

  2002400 - ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) (user_agents.rules)
  2014543 - ET CURRENT_EVENTS TDS Sutra - request in.cgi (current_events.rules)
  2018096 - ET TROJAN W32/Asprox.ClickFraudBot CnC Beacon (trojan.rules)
  2020181 - ET TROJAN WIN32/KOVTER.B Checkin (trojan.rules)
  2024980 - ET EXPLOIT Actiontec C1000A backdoor account M2 (exploit.rules)
  2024996 - ET WEB_CLIENT Google Chrome XSS (CVE-2017-5124) (web_client.rules)
  2025070 - ET TROJAN Win32/Atraps Receiving Config via Image File (steganography) (trojan.rules)
  2025080 - ET EXPLOIT Actiontec C1000A backdoor account M1 (exploit.rules)
  2806327 - ETPRO MALWARE Adware/PCMega.J Install (malware.rules)
  2808004 - ETPRO MALWARE Win32.AdWare.Midia (malware.rules)
  2814962 - ETPRO MALWARE Win32/Adware.MaxDriver.A Variant Activity (malware.rules)
  2828688 - ETPRO USER_AGENTS IoT FamilyHub UA (Tizen) (user_agents.rules)


 [---]  Disabled and modified rules:  [---]

  2013901 - ET TROJAN Suspicious User Agent GeneralDownloadApplication (trojan.rules)


 [---]         Removed rules:         [---]

  2803117 - ETPRO USER_AGENTS Suspicious User-Agent (GeneralDownloadApplication) (user_agents.rules)
  2804796 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 1 (web_client.rules)
  2804797 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 2 (web_client.rules)
  2804798 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 3 (web_client.rules)
  2804909 - ETPRO WEB_CLIENT Hostile Microsoft Rich Text File (RTF) with corrupted listoverride (web_client.rules)
  2804921 - ETPRO WEB_CLIENT Microsoft Excel file download - SET 1 (web_client.rules)
  2809464 - ETPRO TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
  2809465 - ETPRO TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
  2812679 - ETPRO TROJAN Vawtrak/NeverQuest CnC Beacon (trojan.rules)
  2820646 - ETPRO NETBIOS Tree Connect AndX Request IPC$ Unicode (netbios.rules)
  2828632 - ETPRO WEB_CLIENT Adobe Acrobat PDF Reader use after free JavaScript engine (CVE-2017-16393) (web_client.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>