[Emerging-Sigs] Daily Ruleset Update Summary 2017/12/18

Travis Green tgreen at emergingthreats.net
Mon Dec 18 13:21:42 HST 2017


[***]            Summary:            [***]

1 new Open, 17 new Pro (1 + 16). M2Soft ActiveX Vulnerability, Win32/Satan
Cryptor 2.0 Ransomware, MSIL/ISU System CnC, Various Mobile, Various
Phishing.


[+++]          Added rules:          [+++]

Open:

 2025154 - ET POLICY External IP Lookup Domain (curlmyip .net in DNS lookup) (policy.rules)

Pro:

 2828955 - ETPRO TROJAN W32/Nymaim Checkin 8 (trojan.rules)
 2828956 - ETPRO WEB_CLIENT M2Soft ActiveX Vulnerability M1 (web_client.rules)
 2828957 - ETPRO WEB_CLIENT M2Soft ActiveX Vulnerability M1 (web_client.rules)
 2828958 - ETPRO TROJAN Win32/Satan Cryptor 2.0 Ransomware CnC Activity (trojan.rules)
 2828959 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 256 (mobile_malware.rules)
 2828960 - ETPRO TROJAN Ursnif v3 SSL Certificate Observed (trojan.rules)
 2828961 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
 2828962 - ETPRO CURRENT_EVENTS Successful Deutschlandcard Phish 2017-12-18 (current_events.rules)
 2828963 - ETPRO CURRENT_EVENTS Successful Impots.Gouv.fr Phish 2017-12-18 (current_events.rules)
 2828964 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
 2828965 - ETPRO WEB_CLIENT MS Edge Memory Corruption Vulnerability (CVE-2017-11845) (web_client.rules)
 2828966 - ETPRO CURRENT_EVENTS Successful Generic Phish - HTTP POST to HTML Decimal Obfuscated Title 2017-12-18 (current_events.rules)
 2828967 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 257 (mobile_malware.rules)
 2828968 - ETPRO CURRENT_EVENTS Successful Generic Financial Phish - 2017-12-18 (current_events.rules)
 2828969 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2017-12-18 (current_events.rules)
 2828970 - ETPRO TROJAN MSIL/ISU System CnC Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2024908 - ET CURRENT_EVENTS Qtloader encrypted check-in Oct 19 M1 (current_events.rules)
 2025137 - ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL (current_events.rules)
 2025146 - ET DNS Query for Suspicious .gr.com Domain (gr .com in DNS Lookup) (dns.rules)
 2827384 - ETPRO CURRENT_EVENTS Possible Successful Generic Multi Step Phish Aug 03 2017 (current_events.rules)
 2828444 - ETPRO TROJAN Observed Malicious SSL Cert (W32.MDFSMiner Downloader) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>