Daily Ruleset Update Summary 2017/02/28

[***] Summary: [***]

7 new Open signatures, 18 new Pro (7 + 11). Pteranodon Backdoor, Gamaredon, Infostealer.Bancos ProxyChanger.

[+++]          Added rules:          [+++]

Open:

2024022 - ET TROJAN Pteranodon Backdoor Checkin (trojan.rules)
2024023 - ET TROJAN Pteranodon Backdoor CnC POST (trojan.rules)
2024024 - ET TROJAN Pteranodon Variant 1 Backdoor Checkin (trojan.rules)
2024025 - ET TROJAN Pteranodon Variant 2 Backdoor Checkin (trojan.rules)
2024026 - ET TROJAN Pteranodon Variant 3 Backdoor Checkin (trojan.rules)
2024027 - ET TROJAN Gamaredon File Stealer POST (trojan.rules)
2024028 - ET TROJAN Infostealer.Bancos ProxyChanger Checkin (trojan.rules)

Pro:

2825152 - ETPRO MALWARE MSIL/Adware.Dotdo.AP Checkin 2 (malware.rules)
2825153 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.NM Checkin (mobile_malware.rules)
2825154 - ETPRO MOBILE_MALWARE Android/Mseg.B CnC Beacon (mobile_malware.rules)
2825155 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Feb 28 2017 (current_events.rules)
2825156 - ETPRO TROJAN DNS Query to Cerber Domain (14kfoz . top) (trojan.rules)
2825157 - ETPRO TROJAN DNS Query to Cerber Domain (13g2v9 . top) (trojan.rules)
2825158 - ETPRO TROJAN DNS Query to Cerber Domain (1daq6h . top) (trojan.rules)
2825159 - ETPRO TROJAN DNS Query to Cerber Domain (1jh5kv . top) (trojan.rules)
2825160 - ETPRO TROJAN DNS Query to Cerber Domain (1kq4l8 . top) (trojan.rules)
2825161 - ETPRO TROJAN DNS Query to Cerber Domain (1ebvqb . top) (trojan.rules)
2825162 - ETPRO TROJAN DNS Query to Cerber Domain (1bywu2 . top) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2809512 - ETPRO EXPLOIT Possible IPMI 1.5 Session-ID Exploit Attempt CVE-2014-8272 (exploit.rules)
 

Date: Tuesday, February 28, 2017 - 00:00