Daily Ruleset Update Summary 2017/02/13

[***] Summary: [***]

6 new Open signatures, 44 new Pro (6 + 38). Qadars, SunDown EK, Pegasus, Kovter.

Thanks, James Lay, @cyber_attacks and @FiloSottile.

[+++]          Added rules:          [+++]

Open:

2023893 - ET TROJAN Qadars CnC DNS Lookup (bst2bgxin81a.org) (trojan.rules)
2023894 - ET TROJAN Qadars CnC DNS Lookup (websecuranalityc.com) (trojan.rules)
2023895 - ET TROJAN Qadars CnC DNS Lookup (liveskansys.com) (trojan.rules)
2023896 - ET EXPLOIT Possible Ticketbleed Client Hello (CVE-2016-9244) (exploit.rules)
2023897 - ET EXPLOIT Possible Ticketbleed Server Hello (CVE-2016-9244) (exploit.rules)
2023898 - ET TROJAN Possible Pegasus Related DNS Lookup (iusacell-movil .com.mx) (trojan.rules)
2023899 - ET TROJAN Possible Pegasus Related DNS Lookup (smsmensaje .mx) (trojan.rules)

Pro:

2824894 - ETPRO TROJAN MSIL/Unk.HTTP Bot CnC Activity (trojan.rules)
2824895 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Feb 12 2017 (current_events.rules)
2824896 - ETPRO TROJAN Ransomware CnC DNS Lookup (btbord . org) (trojan.rules)
2824897 - ETPRO MALWARE Win32/Adware.Ymeta.A CnC Beacon (malware.rules)
2824898 - ETPRO MOBILE_MALWARE Android/SMSreg.TD Checkin 2 (mobile_malware.rules)
2824899 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M1 (current_events.rules)
2824900 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M2 (current_events.rules)
2824901 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M3 (current_events.rules)
2824902 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M4 (current_events.rules)
2824903 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M5 (current_events.rules)
2824904 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M6 (current_events.rules)
2824905 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M7 (current_events.rules)
2824906 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M8 (current_events.rules)
2824907 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 M9 (current_events.rules)
2824908 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2017 10 (current_events.rules)
2824909 - ETPRO CURRENT_EVENTS Possible SunDown EK Payload Feb 13 2017 (current_events.rules)
2824910 - ETPRO CURRENT_EVENTS Possible Secondary SunDown EK Landing URI Struct Jan 05 2017 (current_events.rules)
2824911 - ETPRO CURRENT_EVENTS SunDown EK Prefilter Feb 13 2017 (current_events.rules)
2824912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-13 1) (trojan.rules)
2824913 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
2824914 - ETPRO TROJAN Possible Remcos/Remvio DNS Lookup (trojan.rules)
2824915 - ETPRO POLICY Possible GameVance HTTP Request (policy.rules)
2824916 - ETPRO MOBILE_MALWARE PUA Android/Odpa.A Checkin (mobile_malware.rules)
2824917 - ETPRO TROJAN Win32/Kovter.A Connectivy Check (trojan.rules)
2824918 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
2824919 - ETPRO TROJAN Win32/Zbot Client Checkin M3 (trojan.rules)
2824920 - ETPRO MOBILE_MALWARE Android/Monitor.Mytrackp.C Checkin (mobile_malware.rules)
2824921 - ETPRO TROJAN Banker.Win32.Alreay DNS Lookup (trojan.rules)
2824922 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account Phish Feb 13 2017 (current_events.rules)
2824923 - ETPRO CURRENT_EVENTS Apple Phishing Landing M1 Feb 13 2017 (current_events.rules)
2824924 - ETPRO CURRENT_EVENTS Apple Phishing Landing M2 Feb 13 2017 (current_events.rules)
2824925 - ETPRO CURRENT_EVENTS Successful Khaleeji Commercial Bank Phish Feb 13 2017 (current_events.rules)
2824926 - ETPRO CURRENT_EVENTS Successful Societe Generale (FR) Phish M1 Feb 13 2017 (current_events.rules)
2824927 - ETPRO CURRENT_EVENTS Successful Societe Generale (FR) Phish M2 Feb 13 2017 (current_events.rules)
2824928 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Feb 13 2017 (current_events.rules)
2824929 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Feb 13 2017 (current_events.rules)
2824930 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Feb 13 2017 (current_events.rules)
2824931 - ETPRO TROJAN Observed Malicious JS Domain in SSL SNI (trojan.rules)

[///]     Modified active rules:     [///]

2811866 - ETPRO MOBILE_MALWARE Android/SMSreg.TD Checkin (mobile_malware.rules)
2821840 - ETPRO MOBILE_MALWARE Android/SMForw.MV Checkin (mobile_malware.rules)
2823855 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 (current_events.rules)

Date: Monday, February 13, 2017 - 00:00