[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/09

Travis Green tgreen at emergingthreats.net
Fri Feb 9 11:53:44 HST 2018


[***]            Summary:            [***]

9 new Open, 19 new Pro (9 + 10). Shurl0ckr Ransomware, OilRig RGDoor, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025332 - ET TROJAN Shurl0ckr Ransomware CnC (kdvm5fd6tn6jsbwh .onion .to in DNS Lookup) (trojan.rules)
 2025333 - ET CURRENT_EVENTS Successful Generic .EDU Phish (Legit Set) (current_events.rules)
 2025334 - ET CURRENT_EVENTS ASB Bank Phishing Landing 2018-02-09 M1 (current_events.rules)
 2025335 - ET CURRENT_EVENTS LinkedIn Phishing Landing 2018-02-09 M1 (current_events.rules)
 2025336 - ET CURRENT_EVENTS ASB Bank Phishing Landing 2018-02-09 M2 (current_events.rules)
 2025337 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-09 (current_events.rules)
 2025338 - ET CURRENT_EVENTS LinkedIn Phishing Landing 2018-02-09 M2 (current_events.rules)
 2025339 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-02-09 (current_events.rules)
 2025340 - ET CURRENT_EVENTS Mailbox Revalidation Phishing Landing 2018-02-09 (current_events.rules)

Pro:

 2829617 - ETPRO EXPLOIT Adobe Flash Use After Free (CVE-2017-4877) (exploit.rules)
 2829618 - ETPRO TROJAN Chthonic CnC Beacon 13 (trojan.rules)
 2829619 - ETPRO TROJAN OilRig RGDoor Implant Communicating with CnC (trojan.rules)
 2829620 - ETPRO TROJAN Chthonic CnC Beacon Generic M1 (trojan.rules)
 2829621 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-09 1) (trojan.rules)
 2829622 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-09 2) (trojan.rules)
 2829623 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-09 3) (trojan.rules)
 2829624 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-09 4) (trojan.rules)
 2829625 - ETPRO TROJAN Chthonic CnC Beacon 14 (trojan.rules)
 2829626 - ETPRO TROJAN NameCoin .bit DNS Sinkhole Response (trojan.rules)


[///]     Modified active rules:     [///]

 2827572 - ETPRO CURRENT_EVENTS Successful Generic .EDU Phish Aug 17 2017 (current_events.rules)
 2828734 - ETPRO TROJAN Powerstats C2 (trojan.rules)
 2829308 - ETPRO TROJAN MSIL/Remcos Variant CnC Checkin (trojan.rules)
 2829459 - ETPRO TROJAN Win32/Agent.ZGL Variant W32/UDPOS Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>