[Emerging-Sigs] Daily Ruleset Update Summary 2017/12/20

Travis Green tgreen at emergingthreats.net
Wed Dec 20 13:26:26 HST 2017


[***]            Summary:            [***]

5 new Open, 13 new Pro (5 + 8). FormBook, Win32/Backdoor.YesMaster, Various
Mobile, Various Phishing.

Thanks: Arvind Kumar


[+++]          Added rules:          [+++]

Open:

 2025156 - ET TROJAN Possible Trickbot/Dyre Serial Number in SSL Cert (trojan.rules)
 2025157 - ET TROJAN Win32/Backdoor.YesMaster CnC Checkin (trojan.rules)
 2025158 - ET CURRENT_EVENTS Possible Fedex Phishing Landing - Title over non SSL (current_events.rules)
 2025159 - ET CURRENT_EVENTS Possible Halkbank (TK) Phishing Landing - Title over non SSL (current_events.rules)
 2025160 - ET CURRENT_EVENTS Possible Ziraat Bank (TK) Phishing Landing - Title over non SSL (current_events.rules)

Pro:

 2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)
 2829001 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2017-12-19 (current_events.rules)
 2829002 - ETPRO CURRENT_EVENTS Successful BBVA Columbia Phish 2017-12-19 (current_events.rules)
 2829003 - ETPRO MOBILE_MALWARE ANDROIDOS_ANUBISSPY Checkin (mobile_malware.rules)
 2829004 - ETPRO TROJAN FormBook CnC Checkin (POST) (trojan.rules)
 2829005 - ETPRO CURRENT_EVENTS Successful Generic Phish 2017-12-20 (current_events.rules)
 2829006 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-20 (current_events.rules)
 2829007 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2017-12-20 (current_events.rules)


[///]     Modified active rules:     [///]

 2001616 - ET ATTACK_RESPONSE Zone-H.org defacement notification (attack_response.rules)
 2819987 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.q Checkin (mobile_malware.rules)
 2828463 - ETPRO CURRENT_EVENTS Successful Generic Phish Oct 27 2017 (current_events.rules)


[---]  Disabled and modified rules:  [---]

 2828995 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 1) (trojan.rules)
 2828996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 2) (trojan.rules)
 2828997 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 3) (trojan.rules)
 2828998 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 4) (trojan.rules)
 2828999 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 5) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>