Daily Ruleset Update Summary 2017/03/24

[***] Summary: [***]

23 new Pro signatures. Misdat/Poldat, Samsam Ransomware, CVE-2017-0154.

[+++]          Added rules:          [+++]

2825584 - ETPRO TROJAN Targeted Unknown Bot CnC Beacon (trojan.rules)
2825585 - ETPRO TROJAN Misdat/Poldat Variant CnC Beacon (trojan.rules)
2825586 - ETPRO TROJAN SpyLuk RAT Checkin (trojan.rules)
2825587 - ETPRO MOBILE_MALWARE Android/Spy.Banker.IE Checkin (mobile_malware.rules)
2825588 - ETPRO MOBILE_MALWARE Android/Spy.Banker.IE Checkin 2 (mobile_malware.rules)
2825589 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello (trojan.rules)
2825590 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello (trojan.rules)
2825591 - ETPRO EXPLOIT Possible Internet Explorer 11 UXSS (CVE-2017-0154) M2 (exploit.rules)
2825592 - ETPRO TROJAN DNS Query to Sage Domain (we0sgd . com) (trojan.rules)
2825593 - ETPRO TROJAN DNS Query to Sage Domain (lfsjkad . net) (trojan.rules)
2825594 - ETPRO TROJAN DNS Query to Sage Domain (yio3lvx . com) (trojan.rules)
2825595 - ETPRO TROJAN DNS Query to Cerber Domain (1pglcs . top) (trojan.rules)
2825596 - ETPRO TROJAN DNS Query to Cerber Domain (1js3tl . top) (trojan.rules)
2825597 - ETPRO TROJAN DNS Query to Cerber Domain (12t3rn . top) (trojan.rules)
2825598 - ETPRO TROJAN DNS Query to Cerber Domain (1cewld . top) (trojan.rules)
2825599 - ETPRO TROJAN DNS Query to TorrentLocker Domain (hoptrop . pl) (trojan.rules)
2825600 - ETPRO TROJAN DNS Query to TorrentLocker Domain (mailteam . pl) (trojan.rules)
2825601 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontymen . pl) (trojan.rules)
2825602 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 1) (trojan.rules)
2825603 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 2) (trojan.rules)
2825604 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 3) (trojan.rules)
2825605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 4) (trojan.rules)
2825606 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-24 5) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2824316 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2946) (web_client.rules)
 

Date: Friday, March 24, 2017 - 00:00