[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/13

Travis Green tgreen at emergingthreats.net
Tue Feb 13 14:46:18 HST 2018


[***]            Summary:            [***]

9 new Open, 28 new Pro (9 + 19). Evrial Stealer, MAPP, Win32/CoinBit
Stealer, Various Phishing.

February MAPP coverage:
2829653 => CVE-2018-4903
2829654 => CVE-2018-4906
2829655 => CVE-2018-4906
2829656 => CVE-2018-4912


[+++]          Added rules:          [+++]

Open:
 2025346 - ET TROJAN Evrial Stealer Retrieving CnC Information (trojan.rules)
 2025347 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-02-13 M1 (current_events.rules)
 2025348 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-02-13 M2 (current_events.rules)
 2025349 - ET CURRENT_EVENTS LinkedIn Phishing Landing 2018-02-13 (current_events.rules)
 2025350 - ET CURRENT_EVENTS Capital One Phishing Landing 2018-02-13 M1 (current_events.rules)
 2025351 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-13 (current_events.rules)
 2025352 - ET CURRENT_EVENTS Capital One Phishing Landing 2018-02-13 M2 (current_events.rules)
 2025353 - ET CURRENT_EVENTS Generic Email Validation Phishing Landing 2018-02-13 (current_events.rules)
 2025354 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-02-13 (current_events.rules)

Pro:

 2829638 - ETPRO POLICY External IP Address Lookup via ident .me (policy.rules)
 2829639 - ETPRO POLICY External IP Address Lookup via www. sensum .inf .br (policy.rules)
 2829640 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-02-13 (current_events.rules)
 2829641 - ETPRO TROJAN Gozi/Ursnif DNS Lookup (trojan.rules)
 2829642 - ETPRO TROJAN Observed Gozi/Ursnif Domain in SNI (trojan.rules)
 2829643 - ETPRO TROJAN Gozi/Ursnif Malicious SSL Certificate Detected (trojan.rules)
 2829644 - ETPRO TROJAN MSIL/KyoznikMiner CnC Checkin M2 (trojan.rules)
 2829645 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-02-13 (current_events.rules)
 2829646 - ETPRO CURRENT_EVENTS Successful Microsoft Online Phish 2018-02-13 (current_events.rules)
 2829647 - ETPRO CURRENT_EVENTS Successful Shared PDF Phish 2018-02-13 (current_events.rules)
 2829648 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-13 1) (trojan.rules)
 2829649 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-13 2) (trojan.rules)
 2829650 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-13 3) (trojan.rules)
 2829651 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-13 4) (trojan.rules)
 2829652 - ETPRO TROJAN Win32/CoinBit Stealer CnC Checkin (trojan.rules)
 2829653 - ETPRO WEB_CLIENT Possible Adobe Reader TIFF Memory Corruption (CVE-2018-4903) (web_client.rules)
 2829654 - ETPRO WEB_CLIENT Possible Adobe Reader EMF Memory Corruption M1 (CVE-2018-4906) (web_client.rules)
 2829655 - ETPRO WEB_CLIENT Possible Adobe Reader EMF Memory Corruption M2 (CVE-2018-4906) (web_client.rules)
 2829656 - ETPRO EXPLOIT Adobe Acrobat JP2 OOB (CVE-2018-4912) (exploit.rules)


[///]     Modified active rules:     [///]

 2025327 - ET CURRENT_EVENTS Dropbox/OneDrive Phishing Landing 2018-02-07 (current_events.rules)
 2025331 - ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) (policy.rules)
 2827605 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin (trojan.rules)
 2828467 - ETPRO TROJAN MSIL/MarioRAT Sending Screenshot to CnC (trojan.rules)
 2828722 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin M2 (trojan.rules)
 2829407 - ETPRO TROJAN Mirai Variant DNS Lookup M1 (trojan.rules)
 2829408 - ETPRO TROJAN Mirai Variant DNS Lookup M2 (trojan.rules)
 2829409 - ETPRO TROJAN Mirai Variant DNS Lookup M3 (trojan.rules)
 2829410 - ETPRO TROJAN Mirai Variant DNS Lookup M4 (trojan.rules)
 2829411 - ETPRO TROJAN Mirai Variant DNS Lookup M5 (trojan.rules)
 2829412 - ETPRO TROJAN Mirai Variant DNS Lookup M6 (trojan.rules)
 2829413 - ETPRO TROJAN Mirai Variant DNS Lookup M7 (trojan.rules)
 2829414 - ETPRO TROJAN Mirai Variant DNS Lookup M8 (trojan.rules)
 2829415 - ETPRO TROJAN Mirai Variant DNS Lookup M9 (trojan.rules)
 2829416 - ETPRO TROJAN Mirai Variant DNS Lookup M10 (trojan.rules)
 2829417 - ETPRO TROJAN Mirai Variant DNS Lookup M11 (trojan.rules)
 2829418 - ETPRO TROJAN Mirai Variant DNS Lookup M12 (trojan.rules)
 2829419 - ETPRO TROJAN Mirai Variant DNS Lookup M13 (trojan.rules)
 2829420 - ETPRO TROJAN Mirai Variant DNS Lookup M14 (trojan.rules)
 2829421 - ETPRO TROJAN Mirai Variant DNS Lookup M15 (trojan.rules)
 2829422 - ETPRO TROJAN Mirai Variant DNS Lookup M16 (trojan.rules)


[---]  Disabled and modified rules:  [---]

 2828189 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M2 (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>