Daily Ruleset Update Summary 2017/03/16

[***] Summary: [***]

28 new Open signatures, 39 new Pro (28 + 11). MagikPOS, Gozi, vxCrypt Ransomware.

Thanks: @abuse_ch

[+++]          Added rules:          [+++]

Open:

2024064 - ET TROJAN MagikPOS Downloader Retrieving Payload (trojan.rules)
2024065 - ET SHELLCODE Linux/x86-64 - Reverse Shell Shellcode (shellcode.rules)
2024066 - ET TROJAN MagikPOS Downloader Checkin (trojan.rules)
2024067 - ET TROJAN MagikPOS CnC Beacon (trojan.rules)
2024068 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024069 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024070 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024071 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Android Marcher C2) (trojan.rules)
2024072 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024073 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024074 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024075 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024076 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024077 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Chthonic MITM) (trojan.rules)
2024078 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024079 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024080 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024081 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024082 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024083 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024084 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024085 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024086 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024087 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024088 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024089 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024090 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2024091 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)

Pro:

2825474 - ETPRO TROJAN MSIL/vxCrypt Ransomware CnC Checkin (trojan.rules)
2825475 - ETPRO TROJAN MSIL/Unk.CoinMiner CnC Checkin (trojan.rules)
2825476 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.I Checkin 2 (mobile_malware.rules)
2825477 - ETPRO TROJAN Crypt.Blue FUD Crypter Request M1 (trojan.rules)
2825478 - ETPRO TROJAN Crypt.Blue FUD Crypter Request M2 (trojan.rules)
2825479 - ETPRO MOBILE_MALWARE Android/AdDisplay.Clevernet.A Checkin (mobile_malware.rules)
2825480 - ETPRO MOBILE_MALWARE Android.Trojan.SMSBot.C CnC Beacon (mobile_malware.rules)
2825481 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account Phish Mar 15 2017 (current_events.rules)
2825482 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Stiniter.a Checkin (mobile_malware.rules)
2825483 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Stiniter.a CnC Beacon (mobile_malware.rules)
2825484 - ETPRO INFO DYNAMIC_DNS Query to a Suspicious *.punkdns.pw Domain (info.rules)

[///]     Modified active rules:     [///]

2002400 - ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) (user_agents.rules)
2012810 - ET POLICY HTTP Request to a *.tk domain (policy.rules)
2018403 - ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe (trojan.rules)

Date: Thursday, March 16, 2017 - 00:00