[Emerging-Sigs] Daily Ruleset Update Summary 2017/12/07

Travis Green tgreen at emergingthreats.net
Thu Dec 7 12:09:18 HST 2017


[***]            Summary:            [***]

2 new Open, 18 new Pro (2 + 16). Sharik/Smoke Update, Cyberbit/PSS, Various
Mobile, Various Phishing.

Thanks: Arnold Chan


[+++]          Added rules:          [+++]

Open:

 2025141 - ET TROJAN Injected WP Keylogger/Coinminer Domain Detected
(cloudflare .solutions in DNS Lookup) (trojan.rules)
 2025142 - ET TROJAN Sharik/Smoke CnC Beacon 8 (trojan.rules)

Pro:

 2828809 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2017-12-06
(current_events.rules)
 2828810 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
250 (mobile_malware.rules)
 2828811 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
251 (mobile_malware.rules)
 2828812 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
252 (mobile_malware.rules)
 2828813 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fe Contact
Exfil via SMTP 5 (mobile_malware.rules)
 2828814 - ETPRO TROJAN MSIL/Subti.N CnC Beacon (trojan.rules)
 2828815 - ETPRO TROJAN Cyberbit/PSS CnC Domain (time-local .com in DNS
Lookup) (trojan.rules)
 2828816 - ETPRO TROJAN Cyberbit/PSS CnC Domain (time-local .net in DNS
Lookup) (trojan.rules)
 2828817 - ETPRO TROJAN Cyberbit/PSS CnC Domain (pupki .co in DNS Lookup)
(trojan.rules)
 2828818 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (eastafro .net
in DNS Lookup) (trojan.rules)
 2828819 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (diretube .co.uk
in DNS Lookup) (trojan.rules)
 2828820 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (meskereme .net
in DNS Lookup) (trojan.rules)
 2828821 - ETPRO TROJAN MSIL/Bazidow.A HTTP C2 (trojan.rules)
 2828822 - ETPRO TROJAN VBS/BoletoMestre IRC Checkin (trojan.rules)
 2828823 - ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell
Empire) (trojan.rules)
 2828824 - ETPRO INFO Suspicious HTTP Credential Post to IP Address -
Possible Successful Phish (info.rules)


[///]     Modified active rules:     [///]

 2021690 - ET TROJAN MWI Maldoc Stats Callout Aug 18 2015 (trojan.rules)
 2025102 - ET INFO HTTP POST Request to Suspicious *.ml Domain (info.rules)
 2025103 - ET INFO HTTP POST Request to Suspicious *.cf Domain (info.rules)
 2025119 - ET TROJAN Sharik/Smoke CnC Beacon 7 (trojan.rules)
 2025133 - ET POLICY possible OnePlus phone data leakage DNS (policy.rules)
 2025134 - ET POLICY OnePlus phone data leakage (policy.rules)
 2828788 - ETPRO TROJAN Win32/Banload.Downloader Requesting Payload
(trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>