[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/02

Travis Green tgreen at emergingthreats.net
Fri Feb 2 11:13:00 HST 2018


[***]            Summary:            [***]

16 new Open, 27 new Pro (16 + 11). Backdoor.Elise, ROKRAT, VBS.ARS, Various
Phishing.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

 2025290 - ET CURRENT_EVENTS Likely Cloned .EDU Website Phishing Landing 2018-02-02 (current_events.rules)
 2025291 - ET TROJAN Backdoor.Elise CnC Beacon 2 M2 (trojan.rules)
 2025292 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M1 (current_events.rules)
 2025293 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M2 (current_events.rules)
 2025294 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M3 (current_events.rules)
 2025295 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M4 (current_events.rules)
 2025296 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M5 (current_events.rules)
 2025297 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M6 (current_events.rules)
 2025298 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M7 (current_events.rules)
 2025299 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M8 (current_events.rules)
 2025300 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M9 (current_events.rules)
 2025301 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M10 (current_events.rules)
 2025302 - ET MALWARE Win32.LoadMoney User Agent 2 (malware.rules)
 2025303 - ET MALWARE Win32/LoadMoney Adware Activity M2 (malware.rules)
 2025304 - ET TROJAN Observed ExecPS/Cobolt Domain (getfreshnews .com in DNS Lookup) (trojan.rules)
 2025305 - ET TROJAN [Flashpoint] Possible CVE-2018-4878 Check-in (trojan.rules)

Pro:

 2829533 - ETPRO EXPLOIT Adobe Flash Request Retrieving XOR Key (associated with CVE-2018-4878) (exploit.rules)
 2829534 - ETPRO TROJAN Group123 Encoded ROKRAT Payload (Observed with CVE-2018-4878) (trojan.rules)
 2829535 - ETPRO POLICY Possible ROKRAT SSL Certificate Observed (policy.rules)
 2829537 - ETPRO TROJAN VBS.ARS Plugin Report (trojan.rules)
 2829538 - ETPRO TROJAN VBS.ARS Password Stealer Plugin Report (trojan.rules)
 2829539 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC) (trojan.rules)
 2829540 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant Downloader) (trojan.rules)
 2829541 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant Downloader M2) (trojan.rules)
 2829542 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-02 1) (trojan.rules)
 2829543 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-02 2) (trojan.rules)
 2829544 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-02 3) (trojan.rules)


[///]     Modified active rules:     [///]

 2012906 - ET WEB_CLIENT Download of PDF With Uncompressed Flash Content flowbit set (web_client.rules)
 2828385 - ETPRO CURRENT_EVENTS Chalbhai Phishing Landing Oct 23 2017 (current_events.rules)


[---]         Removed rules:         [---]

 2829525 - ETPRO CURRENT_EVENTS Possible Wells Fargo Phishing Landing - Title over non SSL 2018-02-01 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>