Daily Ruleset Update Summary 2017/05/01

[***]            Summary:            [***]

1 new Open, 21 new Pro (1 + 20). APT10 DNS, Jorgee Scan, Various Phishing

Thanks: Nathan Fowler, @MS_ISAC

[+++]          Added rules:          [+++]

Open:

2024265 - ET WEB_SERVER Jorgee Scan (web_server.rules)

Pro:

2826183 - ETPRO TROJAN APT.ChChes CnC Beacon 3 (trojan.rules)
2826184 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (app.lehigtapp .com) (trojan.rules)
2826185 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Page (2ymh2gnnbg6pgq2r) (trojan.rules)
2826186 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (micronit . tw) (trojan.rules)
2826187 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (winregion . tw) (trojan.rules)
2826188 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (area.wthelpdesk .com) (trojan.rules)
2826189 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (dick.ccfchrist .com) (trojan.rules)
2826190 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (fukuoka.cloud-maste .com) (trojan.rules)
2826191 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (inspgon.re26 .com) (trojan.rules)
2826192 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (jepsen.r3u8 .com) (trojan.rules)
2826193 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (flackbon . tw) (trojan.rules)
2826194 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (jimin.jimindaddy .com) (trojan.rules)
2826195 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (kawasaki.unhamj .com) (trojan.rules)
2826196 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (nttdata.otzo .com) (trojan.rules)
2826197 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (sakai.unhamj .com) (trojan.rules)
2826198 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (scorpion.poulsenv .com) (trojan.rules)
2826199 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (trout.belowto .com) (trojan.rules)
2826200 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (zebra.wthelpdesk .com) (trojan.rules)
2826201 - ETPRO TROJAN Carbanak VBS/GGLDR v2 CnC Beacon 2 (trojan.rules)
2826202 - ETPRO MALWARE Wizzcaster Adware/PUP Checkin M2 (malware.rules)

[///]     Modified active rules:     [///]

2009949 - ET WEB_SERVER Tilde in URI - potential .pl source disclosure vulnerability (web_server.rules)
2009950 - ET WEB_SERVER Tilde in URI - potential .inc source disclosure vulnerability (web_server.rules)
2009951 - ET WEB_SERVER Tilde in URI - potential .conf source disclosure vulnerability (web_server.rules)
2009952 - ET WEB_SERVER Tilde in URI - potential .asp source disclosure vulnerability (web_server.rules)
2009953 - ET WEB_SERVER Tilde in URI - potential .aspx source disclosure vulnerability (web_server.rules)
2009955 - ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability (web_server.rules)
2010820 - ET WEB_SERVER Tilde in URI - potential .cgi source disclosure vulnerability (web_server.rules)
2014934 - ET CURRENT_EVENTS FoxxySoftware - Landing Page (current_events.rules)
2019714 - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile (current_events.rules)
2023765 - ET TROJAN Betabot Checkin 5 (trojan.rules)
2024173 - ET TROJAN Red Leaves magic packet detected (APT10 implant) (trojan.rules)
2024174 - ET TROJAN Red Leaves magic packet response detected (APT10 implant) (trojan.rules)

[---]         Removed rules:         [---]

2008492 - ET TROJAN Win32.Downloader.pgp Checkin (trojan.rules)
2811710 - ETPRO WEB_SERVER Jorgee Scan (web_server.rules)

Date: Monday, May 1, 2017 - 00:00