Daily Ruleset Update Summary 2017/02/22

[***] Summary: [***]

1 new Open signature, 29 new Pro. VenusLocker, Loda Logger, Kovter.

Thanks: Jeremy MJ.

[+++]          Added rules:          [+++]

Open:

2024006 - ET INFO Opera Adblocker Update Flowbit Set (info.rules)

Pro:

2825063 - ETPRO TROJAN PowerShell Empire Request HTTP Pattern (trojan.rules)
2825064 - ETPRO TROJAN PowerShell Empire Response HTTP Pattern (trojan.rules)
2825065 - ETPRO TROJAN Spora .onion Proxy Domain (trojan.rules)
2825066 - ETPRO TROJAN W32/VenusLocker Ransomware Desktop Background Image GET Request 2 (trojan.rules)
2825067 - ETPRO TROJAN W32/VenusLocker Ransomware Key Generation (trojan.rules)
2825068 - ETPRO TROJAN W32/VenusLocker Ransomware Key Generation Success (trojan.rules)
2825069 - ETPRO CURRENT_EVENTS Successful IRS Phish M1 Feb 22 2017 (current_events.rules)
2825070 - ETPRO CURRENT_EVENTS Successful IRS Phish M2 Feb 22 2017 (current_events.rules)
2825071 - ETPRO CURRENT_EVENTS Successful IRS Phish M3 Feb 22 2017 (current_events.rules)
2825072 - ETPRO CURRENT_EVENTS Unk.MalDoc CnC Checkin (current_events.rules)
2825073 - ETPRO CURRENT_EVENTS Evil Redirector Leading to Kovter Soceng Feb 21 2017 (current_events.rules)
2825074 - ETPRO TROJAN Kovter Soceng SSL Certificate Detected (trojan.rules)
2825075 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-21 1) (trojan.rules)
2825076 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-21 2) (trojan.rules)
2825077 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-02-21 3) (trojan.rules)
2825078 - ETPRO TROJAN DNS Query to Cerber Domain (12c8ff . top) (trojan.rules)
2825079 - ETPRO TROJAN DNS Query to Cerber Domain (1dyzdh . top) (trojan.rules)
2825080 - ETPRO TROJAN DNS Query to Cerber Domain (13upky . top) (trojan.rules)
2825081 - ETPRO TROJAN DNS Query to Cerber Domain (1gqqsc . top) (trojan.rules)
2825082 - ETPRO TROJAN DNS Query to Cerber Domain (1cggqc . top) (trojan.rules)
2825083 - ETPRO TROJAN DNS Query to Cerber Domain (12ulcz . top) (trojan.rules)
2825084 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.Z Config Download (mobile_malware.rules)
2825085 - ETPRO TROJAN Loda Logger Screenshot Request (trojan.rules)
2825086 - ETPRO TROJAN Loda Logger Module Download Request (trojan.rules)
2825087 - ETPRO TROJAN Loda Logger Module Execute Request (trojan.rules)
2825088 - ETPRO TROJAN Loda Logger List Disk Drives Request (trojan.rules)
2825089 - ETPRO TROJAN Loda Logger List Desktop Files Request (trojan.rules)
2825090 - ETPRO TROJAN Loda Logger List Disk Drive Files Request (trojan.rules)

[///]     Modified active rules:     [///]

2014545 - ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS (current_events.rules)
2022466 - ET CURRENT_EVENTS Possible Keitaro TDS Redirect (current_events.rules)
2809563 - ETPRO MOBILE_MALWARE Android.Trojan.Lovespy.D Checkin (mobile_malware.rules)
2812559 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Aug 20 1 (current_events.rules)
2822116 - ETPRO TROJAN Loda Logger CnC Beacon (trojan.rules)
2822117 - ETPRO TROJAN Loda Logger CnC Beacon Response (trojan.rules)
2822647 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 14 2016 (current_events.rules)
2824604 - ETPRO MOBILE_MALWARE Anubis Android Loader Checkin (mobile_malware.rules)
 

Date: Wednesday, February 22, 2017 - 00:00