[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/05

Travis Green tgreen at emergingthreats.net
Mon Feb 5 12:22:50 HST 2018


[***]            Summary:            [***]

9 new Open, 25 new Pro (9 + 16). W32/Kimsuky, SunDown EK Payload, Various
Mobile, Various Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

 2025306 - ET CURRENT_EVENTS Banque Populaire Phishing Landing 2018-02-05
(current_events.rules)
 2025307 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-02-05
(current_events.rules)
 2025308 - ET CURRENT_EVENTS Possible Generic Antibots Phishing Landing
2018-02-05 (current_events.rules)
 2025309 - ET CURRENT_EVENTS Facebook Upgrade Payment Phishing Landing
2018-02-05 (current_events.rules)
 2025310 - ET CURRENT_EVENTS Mailbox Upgrade Phishing Landing 2018-02-05
(current_events.rules)
 2025311 - ET CURRENT_EVENTS Yahoo Account Verification Phishing Landing
2018-02-05 (current_events.rules)
 2025312 - ET CURRENT_EVENTS Google/Adobe Shared Document Phishing Landing
2018-02-05 (current_events.rules)
 2025313 - ET CURRENT_EVENTS Orange Phishing Landing 2018-02-05 (FR)
(current_events.rules)
 2025314 - ET POLICY Vulnerable Java Version 9.0.x Detected (policy.rules)

Pro:

 2829546 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
275 (mobile_malware.rules)
 2829547 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
276 (mobile_malware.rules)
 2829548 - ETPRO TROJAN W32/Kimsuky Sending Encrypted System Information to
CnC (trojan.rules)
 2829549 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 1) (trojan.rules)
 2829550 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 2) (trojan.rules)
 2829551 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 3) (trojan.rules)
 2829552 - ETPRO TROJAN W32/Kimsuky Requesting Stage 2 Payload
(trojan.rules)
 2829553 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 4) (trojan.rules)
 2829554 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 5) (trojan.rules)
 2829555 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 6) (trojan.rules)
 2829556 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 7) (trojan.rules)
 2829557 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 8) (trojan.rules)
 2829558 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 9) (trojan.rules)
 2829559 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 10) (trojan.rules)
 2829560 - ETPRO CURRENT_EVENTS SunDown EK Payload 2018-02-05
(current_events.rules)
 2829561 - ETPRO TROJAN SSL/TLS Certificate Observed (Sundown EK)
(trojan.rules)


[///]     Modified active rules:     [///]

 2011581 - ET POLICY Vulnerable Java Version 1.5.x Detected (policy.rules)
 2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
 2011584 - ET POLICY Vulnerable Java Version 1.4.x Detected (policy.rules)
 2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
 2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
 2023681 - ET MOBILE_MALWARE Android Fancy Bear Checkin 2
(mobile_malware.rules)
 2025152 - ET TROJAN [PTsecurity] DorkBot.Downloader CnC Response
(trojan.rules)
 2025153 - ET TROJAN [PTsecurity] DorkBot.Downloader CnC Beacon
(trojan.rules)
 2025184 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC
Based) (web_client.rules)
 2025185 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript
(web_client.rules)
 2025188 - ET WEB_CLIENT Spectre Exploit Javascript (web_client.rules)
 2025195 - ET EXPLOIT Possible MeltDown PoC Download In Progress
(exploit.rules)
 2025196 - ET EXPLOIT Possible Spectre PoC Download In Progress
(exploit.rules)
 2025305 - ET TROJAN [Flashpoint] Possible CVE-2018-4878 Check-in
(trojan.rules)
 2829545 - ETPRO EXPLOIT Adobe Flash Use After Free (CVE-2018-4878)
(exploit.rules)


[---]         Removed rules:         [---]

 2801695 - ETPRO SCADA_SPECIAL DNP3 Non-DNP3 Communication on a DNP3 Port
(scada_special.rules)
 2829533 - ETPRO EXPLOIT Adobe Flash Request Retrieving XOR Key (associated
with CVE-2018-4878) (exploit.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>