Daily Ruleset Update Summary 2017/11/30

[***]            Summary:            [***]

6 new Pro rules: Java/TNJ RAT, CoinMiner Stratum authlines.

[+++]          Added rules:          [+++]

Pro:

2828728 - ETPRO TROJAN Java/TNJ RAT Checkin (trojan.rules)
2828729 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 1) (trojan.rules)
2828730 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 2) (trojan.rules)
2828731 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 3) (trojan.rules)
2828732 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 4) (trojan.rules)
2828733 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 5) (trojan.rules)

[///]     Modified active rules:     [///]

2008020 - ET WORM Win32.Socks.s HTTP Post Checkin (worm.rules)
2008603 - ET USER_AGENTS Suspicious User-Agent Detected (RLMultySocket) (user_agents.rules)
2009714 - ET WEB_SERVER Script tag in URI Possible Cross Site Scripting Attempt (web_server.rules)
2010963 - ET WEB_SERVER SELECT USER SQL Injection Attempt in URI (web_server.rules)
2012619 - ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 (user_agents.rules)
2012956 - ET DNS DNS Query for a Suspicious *.co.tv domain (dns.rules)
2013030 - ET POLICY libwww-perl User-Agent (policy.rules)
2013031 - ET POLICY Python-urllib/ Suspicious User Agent (policy.rules)
2013213 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.org (info.rules)
2014484 - ET INFO DYNAMIC_DNS Query to a *.bbsindex.com Domain (info.rules)
2015633 - ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com (info.rules)
2015976 - ET TROJAN WORM_VOBFUS Checkin Generic (trojan.rules)
2016748 - ET TROJAN RansomCrypt Intial Check-in (trojan.rules)
2016810 - ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert (2) (current_events.rules)
2016967 - ET TROJAN W32/Symmi Remote File Injector Initial CnC Beacon (trojan.rules)
2017136 - ET MALWARE Adware.Gamevance.AV Checkin (malware.rules)
2017639 - ET INFO JAR Size Under 30K Size - Potentially Hostile (info.rules)
2018219 - ET INFO DYNAMIC_DNS HTTP Request to a *.sytes.net Domain (info.rules)
2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)
2018918 - ET POLICY possible Xiaomi phone data leakage DNS (policy.rules)
2018919 - ET POLICY possible Xiaomi phone data leakage HTTP (policy.rules)
2019512 - ET POLICY Possible IP Check api.ipify.org (policy.rules)
2019891 - ET TROJAN W32/Dridex POST CnC Beacon (trojan.rules)
2020083 - ET TROJAN Win64/Havex Checkin (trojan.rules)
2020116 - ET POLICY DNS Query to .onion proxy Domain (onion.to) (policy.rules)
2020565 - ET POLICY Dropbox DNS Lookup - Possible Offsite File Backup in Use (policy.rules)
2020628 - ET MALWARE MALWARE W32/WinWrapper.Adware POST CnC Beacon (malware.rules)
2020705 - ET TROJAN Generic - Mozilla 4.0 EXE Request (trojan.rules)
2022045 - ET POLICY DNS Query to .onion proxy Domain (forkinvestpay.com) (policy.rules)
2022280 - ET TROJAN Win32/Nivdort Posting Data 1 (trojan.rules)
2022482 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01 (trojan.rules)
2022502 - ET TROJAN Suspicious Accept in HTTP POST - Possible Alphacrypt/TeslaCrypt (trojan.rules)
2022538 - ET TROJAN Ransomware Locky CnC Beacon (trojan.rules)
2022548 - ET TROJAN Ransomware Locky .onion Payment Domain (trojan.rules)
2022551 - ET POLICY Logmein.com/Join.me SSL Remote Control Access (policy.rules)
2022842 - ET TROJAN HTTPBrowser/Pisloader Covert DNS CnC Channel TXT Lookup (trojan.rules)
2023518 - ET POLICY Android Adups Firmware DNS Query 4 (policy.rules)
2023882 - ET INFO HTTP Request to a *.top domain (info.rules)
2024199 - ET CURRENT_EVENTS EITest SocENG Inject M2 (current_events.rules)
2024227 - ET INFO Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing (info.rules)
2024786 - ET POLICY Request for Coinhive Browser Monero Miner M2 (policy.rules)
2024808 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024809 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024810 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024811 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024812 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024813 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024828 - ET CURRENT_EVENTS Observed DNS Query to Browser Coinminer (crypto-loot[.]com) (current_events.rules)
2801321 - ETPRO WEB_CLIENT MHTML Attempted Script Execution (web_client.rules)
2802103 - ETPRO POLICY MOBILE iPhone locationd User-Agent Detected (policy.rules)
2805138 - ETPRO TROJAN Win32/SpyVoltar.A Checkin (trojan.rules)
2805776 - ETPRO POLICY PowerPack software bundle Downloader.Win32.SwiftCleaner.bd (policy.rules)
2805802 - ETPRO POLICY GEOIP info online service (freegeoip.net) (policy.rules)
2805985 - ETPRO TROJAN Fareit/Pony Downloader .exe file download (trojan.rules)
2806659 - ETPRO TROJAN Worm.Win32/Esfury.X Checkin (trojan.rules)
2806777 - ETPRO TROJAN Win32/Ghodow.NAS Checkin (trojan.rules)
2807393 - ETPRO TROJAN W32/Redyms.AF Checkin (trojan.rules)
2807793 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin (trojan.rules)
2808030 - ETPRO TROJAN Win32.IRCBot Checkin (trojan.rules)
2808050 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.jgb Checkin (trojan.rules)
2808390 - ETPRO MALWARE PUP AdWare.OxyPumper Download (malware.rules)
2808715 - ETPRO TROJAN Win32/Sality.AM GET Request (trojan.rules)
2809531 - ETPRO TROJAN Likely Win32/Agobot Large POST to Legit Website (trojan.rules)
2809547 - ETPRO TROJAN Symmi payload download (trojan.rules)
2809683 - ETPRO POLICY IP Check freegeoip.net (policy.rules)
2810756 - ETPRO TROJAN Win32/Rovnix.P Retrieving .dat (trojan.rules)
2810959 - ETPRO MOBILE_MALWARE Riskware Android/SMSreg.OC Checkin (mobile_malware.rules)
2811535 - ETPRO MALWARE Win32/bmMedia.D PUP Downloader (malware.rules)
2812234 - ETPRO POLICY IP lookup pv.sohu.com (policy.rules)
2812378 - ETPRO MALWARE Downloader.Win32.Agent.diyn PUA (malware.rules)
2812465 - ETPRO USER_AGENTS Suspicious User-Agent (User-Agent) (user_agents.rules)
2812498 - ETPRO TROJAN Win32/Haperlock.A Connectivity Check (trojan.rules)
2812739 - ETPRO POLICY NetSupport Remote Admin Checkin (policy.rules)
2812834 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 1 M2 (current_events.rules)
2814318 - ETPRO CURRENT_EVENTS Angler EK Landing URI Struct Oct 12 (current_events.rules)
2814736 - ETPRO TROJAN Pirpi CnC Beacon (trojan.rules)
2815325 - ETPRO TROJAN Andromeda CnC Beacon Fake UA 2 (trojan.rules)
2816095 - ETPRO CURRENT_EVENTS Angler EK Payload Feb 05 2015 M1 T1 (current_events.rules)
2816234 - ETPRO CURRENT_EVENTS Angler EK Feb 15 2015 M1 T2 (current_events.rules)
2816484 - ETPRO CURRENT_EVENTS Angler EK Landing Mar 02 2016 M1 T1 (current_events.rules)
2816511 - ETPRO CURRENT_EVENTS Angler EK Landing Mar 02 2016 M1 T1 (current_events.rules)
2821022 - ETPRO CURRENT_EVENTS Neutrino EK Payload July 08 2016 M1 (current_events.rules)
2821356 - ETPRO MALWARE Qiyi PUP Installer SSL Cert (malware.rules)
2821569 - ETPRO TROJAN Locky CnC checkin Aug 03 2016 M2 (trojan.rules)
2822860 - ETPRO MALWARE MSIL/Kryptik.EAN Variant Downloader Activity (malware.rules)
2825353 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2826889 - ETPRO TROJAN Win32.Cybergate RAT SQLite DL (trojan.rules)
2826896 - ETPRO TROJAN Win32/InstallCore CnC Activity (trojan.rules)
2827690 - ETPRO MOBILE_MALWARE PUP Android/Igexin.B Checkin 2 (mobile_malware.rules)
2827774 - ETPRO TROJAN Backdoor.Ratenjay POST with System Information (trojan.rules)
2828722 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin M2 (trojan.rules)

Date: Thursday, November 30, 2017 - 00:00