[Emerging-Sigs] Daily Ruleset Update Summary 2017/12/27

Travis Green tgreen at emergingthreats.net
Wed Dec 27 14:29:23 HST 2017


[***]            Summary:            [***]

15 new Pro. Suspicious Terse HTTP, Malicious SSL Certs, Various Phishing.

Thanks: @AttackDetection


[+++]          Added rules:          [+++]

Pro:

 2829074 - ETPRO POLICY Suspicious Terse HTTP Request to yourjavascript .com (policy.rules)
 2829075 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC) (trojan.rules)
 2829076 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC) (trojan.rules)
 2829077 - ETPRO CURRENT_EVENTS Successful International Card Services Phish 2017-12-27 (current_events.rules)
 2829078 - ETPRO MALWARE Adware.Genius.B Version Check (malware.rules)
 2829079 - ETPRO POLICY HTTP Request to iplogger .ru for External IP Address (policy.rules)
 2829080 - ETPRO CURRENT_EVENTS Successful Apple Phish 2017-12-27 (current_events.rules)
 2829081 - ETPRO CURRENT_EVENTS Apple Phishing Landing Javascript 2017-12-27 (current_events.rules)
 2829082 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2017-12-27 (current_events.rules)
 2829083 - ETPRO CURRENT_EVENTS Successful Generic UIV Phish 2017-12-27 (current_events.rules)
 2829084 - ETPRO CURRENT_EVENTS Successful IRS Phish 2017-12-27 (current_events.rules)
 2829093 - ETPRO CURRENT_EVENTS Generic Spam-Egy Phishing Landing 2017-12-27 (current_events.rules)
 2829094 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2017-12-27 (current_events.rules)
 2829095 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-27 (current_events.rules)
 2829096 - ETPRO CURRENT_EVENTS Possible Successful Generic Multi Step Phish 2017-12-27 (current_events.rules)


[///]     Modified active rules:     [///]

 2829038 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (NDF5eWJUWEZnYk...) (trojan.rules)


[---]  Disabled and modified rules:  [---]

 2822783 - ETPRO CURRENT_EVENTS Successful Facebook Phish Oct 20 2016 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>