Daily Ruleset Update Summary 2017/02/07

[***] Summary: [***]

8 new Open signatures, 34 new Pro (8 + 26). iKittens OSX malware, Terror EK, Serpent Ransomware.

Thanks: Kevin Branch.

[+++]          Added rules:          [+++]

Open:

2023876 - ET TROJAN Possible iKittens OSX MacDownloader CNC Beacon (trojan.rules)
2023877 - ET TROJAN iKittens OSX MacDownloader DNS Lookup (officialswebsites .info) (trojan.rules)
2023878 - ET CURRENT_EVENTS Terror EK Landing M1 Feb 07 2016 M1 (current_events.rules)
2023879 - ET CURRENT_EVENTS Terror EK Landing M1 Feb 07 2016 M2 (current_events.rules)
2023880 - ET CURRENT_EVENTS Possible Successful Craigslist Phishing Domain Feb 07 2017 (current_events.rules)
2023881 - ET CURRENT_EVENTS Possible Craigslist Phishing Domain Feb 07 2017 (current_events.rules)
2023882 - ET INFO HTTP Request to a *.top domain (info.rules)
2023883 - ET DNS Query to a *.top domain - Likely Hostile (dns.rules)

Pro:

2824798 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
2824799 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible American Express Phishing (trojan.rules)
2824800 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple iCloud Phishing (trojan.rules)
2824801 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Paypal Phishing (trojan.rules)
2824802 - ETPRO TROJAN Win32/BlueHeaven Checkin (trojan.rules)
2824803 - ETPRO CURRENT_EVENTS Successful Generic Anonisma Phish Feb 06 2017 (current_events.rules)
2824804 - ETPRO MOBILE_MALWARE Android/Agent.EB Checkin (mobile_malware.rules)
2824805 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.AR Checkin (mobile_malware.rules)
2824806 - ETPRO TROJAN Unknown Backdoor SSL Cert (legitimate compromised site) (trojan.rules)
2824807 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 07 2017 (current_events.rules)
2824808 - ETPRO TROJAN Win32/Serpent Ransomware Checkin (trojan.rules)
2824809 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish M1 Feb 07 2017 (current_events.rules)
2824810 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish M2 Feb 07 2017 (current_events.rules)
2824811 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish M3 Feb 07 2017 (current_events.rules)
2824812 - ETPRO CURRENT_EVENTS Successful Craigslist Phish Feb 07 2017 (current_events.rules)
2824813 - ETPRO CURRENT_EVENTS Successful IRS Phish Feb 07 2017 (current_events.rules)
2824814 - ETPRO CURRENT_EVENTS Successful Tangerine Bank Phish Feb 07 2017 (current_events.rules)
2824815 - ETPRO POLICY Observed Tor Browser Bundle Download (policy.rules)
2824816 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-07 1) (trojan.rules)
2824817 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-07 2) (trojan.rules)
2824818 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (NDg3emFCckplRDdXSEtmc3UzTXc2dmVlVDNoTFZlc3dWNm5FR0VFUGlqUjFNdUc4cnJZSzFIQmFWWjg3b1IxaXBHR1NmcndiWWd1Ym5HOWprcnkySjhpUTk3VVZBdG06eA==) (trojan.rules)
2824819 - ETPRO TROJAN DNS Query to Cerber Domain (145rzb . top) (trojan.rules)
2824820 - ETPRO TROJAN DNS Query to Cerber Domain (1c4zie . top) (trojan.rules)
2824821 - ETPRO TROJAN DNS Query to Cerber Domain (1feasu . top) (trojan.rules)
2824822 - ETPRO TROJAN DNS Query to Cerber Domain (u25sbm . bid) (trojan.rules)
2824823 - ETPRO TROJAN DNS Query to Cerber Domain (7ud98m . bid) (trojan.rules)

[///]     Modified active rules:     [///]

2023832 - ET DOS SMB Tree_Connect Stack Overflow Attempt (CVE-2017-0016) (dos.rules)
2023873 - ET POLICY DNS Query to Hamas Terrorist Propaganda TV Channel (aqsatv.ps) (policy.rules)
2023874 - ET POLICY Hamas Terrorist Propaganda TV Channel (aqsatv.ps) (policy.rules)
2820781 - ETPRO TROJAN Possible APT SWC Redirecting to PluginDetect/Evercookie Landing June 21 2016 (trojan.rules)
 

Date: Tuesday, February 7, 2017 - 00:00