[Emerging-Sigs] Daily Ruleset Update Summary 2017/12/15

Travis Green tgreen at emergingthreats.net
Fri Dec 15 13:03:16 HST 2017


[***]            Summary:            [***]

3 new Open, 18 new Pro (3 + 15). Win32/Downloader.op17, Evil TeamViewer,
PAN Firewall CVE-2017-15944, Various Mobile.

Thanks: @AttackDetection


[+++]          Added rules:          [+++]

Open:

 2025151 - ET CURRENT_EVENTS Malicious Fake JS Lib Inject (current_events.rules)
 2025152 - ET TROJAN [PTsecurity] Win32/Downloader.op17 CnC Response (trojan.rules)
 2025153 - ET TROJAN [PTsecurity] Win32/Downloader.op17 CnC Beacon (trojan.rules)

Pro:

 2828907 - ETPRO TROJAN Evil TeamViewer CnC Checkin 3 (trojan.rules)
 2828908 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 1) (trojan.rules)
 2828909 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 2) (trojan.rules)
 2828910 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 3) (trojan.rules)
 2828911 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 4) (trojan.rules)
 2828912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 5) (trojan.rules)
 2828913 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M3 (trojan.rules)
 2828914 - ETPRO TROJAN MSIL/Hon.DoS.Tool CnC Checkin (trojan.rules)
 2828915 - ETPRO MALWARE Win32/Hao123.K Checkin 3 (malware.rules)
 2828916 - ETPRO TROJAN MSIL/TrojanClicker.Agent.NSJ Activity (trojan.rules)
 2828917 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.at Contact Exfil via SMTP (mobile_malware.rules)
 2828918 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.at Reporting Infection via SMTP (mobile_malware.rules)
 2828919 - ETPRO WEB_SERVER PAN Firewall CVE-2017-15944 Authentication Bypass Attempt (web_server.rules)
 2828920 - ETPRO WEB_SERVER PAN Firewall CVE-2017-15944 XML Injection Attempt (web_server.rules)
 2828954 - ETPRO WEB_SPECIFIC_APPS Apache Tomcat CVE-2016-6816 Security Bypass Attempt (web_specific_apps.rules)


[///]     Modified active rules:     [///]

 2025119 - ET TROJAN Sharik/Smoke CnC Beacon 7 (trojan.rules)
 2025149 - ET POLICY IP Check (rl. ammyy. com) (policy.rules)
 2810607 - ETPRO TROJAN Upatre Retrieving encoded payload (Common Header Struct) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>