Daily Ruleset Update Summary 2017/02/08

[***] Summary: [***]

3 new Open signatures, 36 new Pro (3 + 33). Alreay Banker, KilerRAT, TorrentLocker, Serpent Ransomware, RocketKitten.

Thanks: Jeremy MJ.

[+++]          Added rules:          [+++]

Open:

2023884 - ET TROJAN Banker.Win32.Alreay DNS Lookup (tradeboard .mefound .com) (trojan.rules)
2023885 - ET TROJAN Banker.Win32.Alreay DNS Lookup (movis-es .ignorelist .com) (trojan.rules)
2023886 - ET TROJAN Banker.Win32.Alreay DNS Lookup (exbonus .mrbasic .com) (trojan.rules)

Pro:

2824829 - ETPRO TROJAN KilerRAT Variant CnC Command (ll) (trojan.rules)
2824830 - ETPRO TROJAN KilerRAT Variant CnC Command (Screen Capture) (trojan.rules)
2824831 - ETPRO TROJAN KilerRAT Variant CnC Command Response (inv) (trojan.rules)
2824832 - ETPRO TROJAN KilerRAT Variant CnC Command (Get Passwords) (trojan.rules)
2824833 - ETPRO TROJAN KilerRAT Variant CnC Command (Remote Desktop) (trojan.rules)
2824834 - ETPRO TROJAN KilerRAT Variant CnC Command (Remote Desktop) (trojan.rules)
2824835 - ETPRO TROJAN KilerRAT Variant CnC Command (act) (trojan.rules)
2824836 - ETPRO TROJAN KilerRAT Variant CnC Command (inf) (trojan.rules)
2824837 - ETPRO TROJAN Win32/Agent.RSY AIM Signon (trojan.rules)
2824838 - ETPRO TROJAN Win32/Agent.RSY AIM Sending Machine Info (trojan.rules)
2824839 - ETPRO TROJAN Win32/Agent.RSY AIM Sending Machine Info (trojan.rules)
2824840 - ETPRO TROJAN Win32/Agent.RSY AIM Sending Machine Info (trojan.rules)
2824841 - ETPRO WEB_SERVER Expression Engine CMS Type Juggling Exploit Attempt (web_server.rules)
2824842 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2) (trojan.rules)
2824843 - ETPRO MALWARE Win32/DownloadAdmin.AA PUP CnC Beacon (malware.rules)
2824844 - ETPRO MALWARE Win32/Rising.B PUP CnC Beacon (malware.rules)
2824845 - ETPRO MALWARE PUP/MailRu.B CnC Beacon (malware.rules)
2824846 - ETPRO TROJAN Win32/Spy.Banker.ACVB CnC Beacon (trojan.rules)
2824848 - ETPRO TROJAN Odinaff Malicious SSL Certificate Detected (trojan.rules)
2824849 - ETPRO TROJAN Serpent Ransomware Onion Domain (trojan.rules)
2824850 - ETPRO TROJAN Serpent Ransomware Domain (trojan.rules)
2824851 - ETPRO TROJAN Serpent Ransomware Domain (trojan.rules)
2824852 - ETPRO TROJAN Digisom Ransomware CnC Checkin (trojan.rules)
2824853 - ETPRO TROJAN RocketKitten Win32.Diple.gtyj CnC Beacon (trojan.rules)
2824854 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish M1 Feb 08 2017 (current_events.rules)
2824855 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish M2 Feb 08 2017 (current_events.rules)
2824856 - ETPRO CURRENT_EVENTS Successful Santander Bank (BR) Phish Feb 08 2017 (current_events.rules)
2824857 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish M1 Feb 08 2017 (current_events.rules)
2824858 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish M2 Feb 08 2017 (current_events.rules)
2824859 - ETPRO CURRENT_EVENTS Successful Sparkasse Bank (DE) Phish Feb 08 2017 (current_events.rules)
2824860 - ETPRO CURRENT_EVENTS Successful Outlook (FR) Phish Feb 08 2017 (current_events.rules)
2824861 - ETPRO CURRENT_EVENTS Successful DHL Phish (Meta HTTP-Equiv Refresh) Feb 08 2017 (current_events.rules)
2824862 - ETPRO CURRENT_EVENTS Successful Mailbox Validation Phish Feb 08 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2803851 - ETPRO WEB_CLIENT Microsoft Internet Explorer remote code execution via option element (web_client.rules)
2816102 - ETPRO CURRENT_EVENTS Successful Generic Phish (Redirect to Download PDF) Feb 8 (current_events.rules)
2824134 - ETPRO CURRENT_EVENTS Successful Generic Phish (Meta HTTP-Equiv Refresh) Dec 29 2016 (current_events.rules)
 

Date: Wednesday, February 8, 2017 - 00:00