Daily Ruleset Update Summary 2017/11/29

[***]            Summary:            [***]

15 new Pro. Magniber C2 Domains, MSIL.ThorCrypt Coinminer, Win32/1ms0rry CoinMiner, Ars Stealer, CoinMiner Stratum Authlines.

[+++]          Added rules:          [+++]

Pro:

2828713 - ETPRO TROJAN Magniber C2 Domain (466z01c24629j4mwba7 in DNS Lookup) (trojan.rules)
2828714 - ETPRO TROJAN Magniber C2 Domain (a65m0f2s2c8jqnm1z23 in DNS Lookup) (trojan.rules)
2828715 - ETPRO TROJAN Magniber C2 Domain (jmo3s4fsck7dl2r6k06 in DNS Lookup) (trojan.rules)
2828716 - ETPRO TROJAN Magniber C2 Domain (n03dnfbwe16ykbg09q3 in DNS Lookup) (trojan.rules)
2828717 - ETPRO TROJAN Magniber C2 Domain (uto8fy4yb29t21h90xs in DNS Lookup) (trojan.rules)
2828718 - ETPRO TROJAN Magniber C2 Domain (xbe90fo28cw428780p9 in DNS Lookup) (trojan.rules)
2828719 - ETPRO TROJAN Magniber C2 Domain (y6k59ks6m902oi2946i in DNS Lookup) (trojan.rules)
2828720 - ETPRO TROJAN Magniber C2 Domain (yju358dfc5rgh56ir19 in DNS Lookup) (trojan.rules)
2828721 - ETPRO TROJAN MSIL.ThorCrypt Coinminer Retrieving Module (trojan.rules)
2828722 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin M2 (trojan.rules)
2828723 - ETPRO TROJAN Ars Stealer CnC Checkin (trojan.rules)
2828724 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-29 1) (trojan.rules)
2828725 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-29 2) (trojan.rules)
2828726 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-29 3) (trojan.rules)
2828727 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-29 4) (trojan.rules)
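
The eight Magniber rules above fire on a DNS lookup whose name carries one of the listed labels. The following is an added illustration, not Emerging Threats' or Proofpoint's rule content: it parses the question section of a raw DNS query (including label compression pointers), normalises case, and flags any query in which one of the eight labels appears as a whole label. The exact content match and the parent domains used by the ETPRO signatures are not on this page, so matching on the whole label is an assumption, and the .test names and packets below are constructed test data.

```python
import struct

# The eight Magniber C2 labels named in the ETPRO "in DNS Lookup" rules 2828713-2828720.
MAGNIBER_C2_LABELS = frozenset({
    "466z01c24629j4mwba7", "a65m0f2s2c8jqnm1z23", "jmo3s4fsck7dl2r6k06",
    "n03dnfbwe16ykbg09q3", "uto8fy4yb29t21h90xs", "xbe90fo28cw428780p9",
    "y6k59ks6m902oi2946i", "yju358dfc5rgh56ir19",
})


def encode_qname(name: str) -> bytes:
    """Encode a dotted name as DNS wire-format labels (length-prefixed, NUL-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_dns_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed test data: a standard recursive query for `name` (UDP payload only)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # QR=0, RD=1, QDCOUNT=1
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # QCLASS IN


def parse_qname(packet: bytes, offset: int, depth: int = 0) -> tuple:
    """Decode the name at `offset`, following RFC 1035 compression pointers.

    Returns (labels, offset just past the name). Pointers may only point backwards,
    and pointer chains are bounded so a hostile packet cannot loop the parser.
    """
    if depth > 10:
        raise ValueError("compression pointer chain too deep")
    labels = []
    while True:
        if offset >= len(packet):
            raise ValueError("truncated name")
        length = packet[offset]
        if length == 0:
            return labels, offset + 1
        if (length & 0xC0) == 0xC0:  # two-byte pointer to an earlier name
            if offset + 1 >= len(packet):
                raise ValueError("truncated pointer")
            ptr = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if ptr >= offset:
                raise ValueError("forward compression pointer")
            tail, _ = parse_qname(packet, ptr, depth + 1)
            return labels + tail, offset + 2
        if length > 63:
            raise ValueError("label too long")
        start, end = offset + 1, offset + 1 + length
        if end > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[start:end].decode("ascii", errors="replace").lower())
        offset = end


def parse_dns_questions(packet: bytes) -> list:
    """Return [(qname, qtype)] for each question in a DNS query; responses yield []."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    _, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000:
        return []  # QR=1: a response, not the lookup the signatures key on
    questions, offset = [], 12
    for _ in range(qdcount):
        labels, offset = parse_qname(packet, offset)
        if offset + 4 > len(packet):
            raise ValueError("truncated question")
        qtype = struct.unpack("!H", packet[offset:offset + 2])[0]
        offset += 4
        questions.append((".".join(labels), qtype))
    return questions


def magniber_dns_hits(packet: bytes) -> list:
    """Queried names that contain a Magniber C2 label as a whole label (case-insensitive)."""
    hits = []
    for qname, _ in parse_dns_questions(packet):
        if any(label in MAGNIBER_C2_LABELS for label in qname.split(".")):
            hits.append(qname)
    return hits


if __name__ == "__main__":
    for name in ("466z01c24629j4mwba7.test", "www.example.com", "MAIL.yju358dfc5rgh56ir19.test"):
        print(name, "->", magniber_dns_hits(build_dns_query(name)))
```

Matching on a whole label rather than a substring keeps a longer, unrelated label that happens to embed one of these strings from firing, and skipping responses mirrors the rules' focus on the lookup itself; the pointer and length checks are there because a DNS parser that trusts length bytes is itself a denial-of-service target.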

[///]     Modified active rules:     [///]

2002400 - ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) (user_agents.rules)
2014543 - ET CURRENT_EVENTS TDS Sutra - request in.cgi (current_events.rules)
2018096 - ET TROJAN W32/Asprox.ClickFraudBot CnC Beacon (trojan.rules)
2020181 - ET TROJAN WIN32/KOVTER.B Checkin (trojan.rules)
2024980 - ET EXPLOIT Actiontec C1000A backdoor account M2 (exploit.rules)
2024996 - ET WEB_CLIENT Google Chrome XSS (CVE-2017-5124) (web_client.rules)
2025070 - ET TROJAN Win32/Atraps Receiving Config via Image File (steganography) (trojan.rules)
2025080 - ET EXPLOIT Actiontec C1000A backdoor account M1 (exploit.rules)
2806327 - ETPRO MALWARE Adware/PCMega.J Install (malware.rules)
2808004 - ETPRO MALWARE Win32.AdWare.Midia (malware.rules)
2814962 - ETPRO MALWARE Win32/Adware.MaxDriver.A Variant Activity (malware.rules)
2828688 - ETPRO USER_AGENTS IoT FamilyHub UA (Tizen) (user_agents.rules)

[---]  Disabled and modified rules:  [---]

2013901 - ET TROJAN Suspicious User Agent GeneralDownloadApplication (trojan.rules)

[---]         Removed rules:         [---]

2803117 - ETPRO USER_AGENTS Suspicious User-Agent (GeneralDownloadApplication) (user_agents.rules)
2804796 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 1 (web_client.rules)
2804797 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 2 (web_client.rules)
2804798 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 3 (web_client.rules)
2804909 - ETPRO WEB_CLIENT Hostile Microsoft Rich Text File (RTF) with corrupted listoverride (web_client.rules)
2804921 - ETPRO WEB_CLIENT Microsoft Excel file download - SET 1 (web_client.rules)
2809464 - ETPRO TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2809465 - ETPRO TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2812679 - ETPRO TROJAN Vawtrak/NeverQuest CnC Beacon (trojan.rules)
2820646 - ETPRO NETBIOS Tree Connect AndX Request IPC$ Unicode (netbios.rules)
2828632 - ETPRO WEB_CLIENT Adobe Acrobat PDF Reader use after free JavaScript engine (CVE-2017-16393) (web_client.rules)

Date: Wednesday, November 29, 2017 - 00:00