[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/06

Travis Green tgreen at emergingthreats.net
Tue Feb 6 12:32:30 HST 2018


[***]            Summary:            [***]

4 new Open, 22 new Pro (4 + 18). Andariel Rifdoor/RIFLE, up.pzchao,
Abnormal x509v3 SubjectKeyIdentifier, Huawei RCE CVE-2017-17215, Various
Mobile, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025315 - ET POLICY Possible Windows Binary Observed in SSL/TLS Certificate (policy.rules)
 2025316 - ET CURRENT_EVENTS Office 365 Phishing Landing 2018-02-06 (current_events.rules)
 2025319 - ET POLICY [Fidelis] Abnormal x509v3 SubjectKeyIdentifier extension (policy.rules)
 2025320 - ET POLICY [Fidelis] Abnormal Very Long x509v3 SubjectKeyIdentifier Extension (policy.rules)

Pro:

 2829562 - ETPRO TROJAN Andariel Rifdoor/RIFLE CnC Beacon (trojan.rules)
 2829563 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2018-02-06 (DE) (current_events.rules)
 2829564 - ETPRO TROJAN up.pzchao Checkin via HTTP POST (trojan.rules)
 2829565 - ETPRO TROJAN up.pzchao Checkin via HTTP POST M2 (trojan.rules)
 2829566 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (fulltext .yourtrap .com in DNS Lookup) (trojan.rules)
 2829567 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (fulltext .yourtrap .com in TLS SNI) (trojan.rules)
 2829568 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (checktest .www1 .biz in DNS Lookup) (trojan.rules)
 2829569 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (checktest .www1 .biz in TLS SNI) (trojan.rules)
 2829570 - ETPRO TROJAN DDoS Win32.Macri Checkin (trojan.rules)
 2829573 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M1 (trojan.rules)
 2829574 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M2 (trojan.rules)
 2829575 - ETPRO TROJAN Win32/Scote Checkin (trojan.rules)
 2829576 - ETPRO TROJAN Win32/Scote Keepalive (trojan.rules)
 2829577 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 277 (mobile_malware.rules)
 2829578 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 278 (mobile_malware.rules)
 2829579 - ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) (exploit.rules)
 2829580 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 279 (mobile_malware.rules)
 2829581 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 280 (mobile_malware.rules)


[///]     Modified active rules:     [///]

 2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
 2024228 - ET INFO Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017 (info.rules)
 2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
 2024850 - ET CURRENT_EVENTS Successful HMRC Phish Oct 18 2017 (current_events.rules)
 2025184 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC Based) (web_client.rules)
 2025185 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (web_client.rules)
 2025188 - ET WEB_CLIENT Spectre Exploit Javascript (web_client.rules)
 2025195 - ET EXPLOIT Possible MeltDown PoC Download In Progress (exploit.rules)
 2824863 - ETPRO TROJAN Win32/Fadok.A Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>