[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/08

Travis Green tgreen at emergingthreats.net
Thu Feb 8 10:58:49 HST 2018


[***]            Summary:            [***]

2 new Open, 24 new Pro (2 + 22). MSIL/TohperMiner, MSIL/KyoznikMiner,
OrientDB 2.2.x RCE, Various Mobile, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025330 - ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) (policy.rules)
 2025331 - ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo.io) (policy.rules)

Pro:

 2806924 - ETPRO INFO Korean Web Traffic Statistics Service (info.rules)
 2829592 - ETPRO TROJAN Win32/Remcos RAT Checkin 8 (trojan.rules)
 2829593 - ETPRO TROJAN Win32/Banload.Downloader Variant CnC Check-in (trojan.rules)
 2829594 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 281 (mobile_malware.rules)
 2829595 - ETPRO TROJAN Reveton Domain Observed (itisagooddaytodie .com in DNS Lookup) (trojan.rules)
 2829596 - ETPRO TROJAN Reveton Domain Observed (googleprofit8 .com in DNS Lookup) (trojan.rules)
 2829597 - ETPRO TROJAN MSIL/KyoznikMiner CnC Checkin (trojan.rules)
 2829598 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 282 (mobile_malware.rules)
 2829599 - ETPRO TROJAN Reveton Domain Observed (lalalablabla1313lolo .com in DNS Lookup) (trojan.rules)
 2829600 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 283 (mobile_malware.rules)
 2829601 - ETPRO EXPLOIT OrientDB 2.2.x Remote Code Execution (exploit.rules)
 2829602 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 284 (mobile_malware.rules)
 2829603 - ETPRO TROJAN njRAT/Bladabindi Variant CnC Activity (trojan.rules)
 2829604 - ETPRO TROJAN njRAT/Bladabindi Variant CnC Keep-Alive (trojan.rules)
 2829605 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 285 (mobile_malware.rules)
 2829606 - ETPRO TROJAN MSIL/TohperMiner CnC Checkin (trojan.rules)
 2829611 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 1) (trojan.rules)
 2829612 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 2) (trojan.rules)
 2829613 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 3) (trojan.rules)
 2829614 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 4) (trojan.rules)
 2829615 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 5) (trojan.rules)
 2829616 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 6) (trojan.rules)


[///]     Modified active rules:     [///]

 2828790 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.gen CnC Beacon (mobile_malware.rules)
 2829591 - ETPRO TROJAN DanderSpritz Implant Communicating with PeddleCheap Module (trojan.rules)


[---]  Disabled and modified rules:  [---]

 2014135 - ET TROJAN Zeus/Reveton checkin to /images.rar (trojan.rules)
 2015874 - ET TROJAN Known Reveton Domain HTTP whatwillber.com (trojan.rules)
 2828913 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M3 (trojan.rules)


[---]         Removed rules:         [---]

 2806924 - ETPRO TROJAN Muldrop Checkin (trojan.rules)
 2806942 - ETPRO TROJAN Trojan-Ransom.Win32.PornoAsset Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>