[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/14

Travis Green tgreen at emergingthreats.net
Wed Feb 14 13:06:18 HST 2018


[***]            Summary:            [***]

4 new Open, 23 new Pro (4 + 19). Hworm/Houdini, Win32/ASPC, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025355 - ET CURRENT_EVENTS Dropbox Phishing Landing 2018-02-14 (current_events.rules)
 2025356 - ET CURRENT_EVENTS Linkedin Phishing Landing 2018-02-14 (current_events.rules)
 2025357 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-02-14 (current_events.rules)
 2025358 - ET MALWARE Rogue.WinPCDefender Checkin (malware.rules)

Pro:

 2829657 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829658 - ETPRO TROJAN Observed APT28 Domain in SNI (trojan.rules)
 2829659 - ETPRO TROJAN Hworm/Houdini DNS Lookup M1 (trojan.rules)
 2829660 - ETPRO TROJAN Hworm/Houdini DNS Lookup M2 (trojan.rules)
 2829661 - ETPRO TROJAN Win32/ASPC Bot CnC Checkin (trojan.rules)
 2829662 - ETPRO TROJAN Win32/ASPC Bot CnC Checkin 2 (trojan.rules)
 2829663 - ETPRO CURRENT_EVENTS Successful Dropbox Business Phish 2018-02-14 (current_events.rules)
 2829664 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-02-14 M1 (current_events.rules)
 2829665 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-02-14 M2 (current_events.rules)
 2829666 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-02-14 M3 (current_events.rules)
 2829667 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M1 (current_events.rules)
 2829668 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M2 (current_events.rules)
 2829669 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M3 (current_events.rules)
 2829670 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M4 (current_events.rules)
 2829671 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-02-14 (current_events.rules)
 2829672 - ETPRO CURRENT_EVENTS Successful LastPass Phish 2018-02-14 (current_events.rules)
 2829673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-14 1) (trojan.rules)
 2829674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-14 2) (trojan.rules)
 2829675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-14 3) (trojan.rules)


[///]     Modified active rules:     [///]

 2025331 - ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) (policy.rules)
 2823674 - ETPRO TROJAN W32/Quasar 1.3 RAT MiscHandler HTTP Pattern (trojan.rules)
 2827239 - ETPRO TROJAN MSIL/TopherMiner PWS CnC Checkin M2 (trojan.rules)
 2829259 - ETPRO MALWARE MSIL/AdFraudClicker Activity (malware.rules)
 2829407 - ETPRO TROJAN Mirai Variant DNS Lookup M1 (trojan.rules)
 2829408 - ETPRO TROJAN Mirai Variant DNS Lookup M2 (trojan.rules)
 2829409 - ETPRO TROJAN Mirai Variant DNS Lookup M3 (trojan.rules)
 2829410 - ETPRO TROJAN Mirai Variant DNS Lookup M4 (trojan.rules)
 2829411 - ETPRO TROJAN Mirai Variant DNS Lookup M5 (trojan.rules)
 2829412 - ETPRO TROJAN Mirai Variant DNS Lookup M6 (trojan.rules)
 2829413 - ETPRO TROJAN Mirai Variant DNS Lookup M7 (trojan.rules)
 2829414 - ETPRO TROJAN Mirai Variant DNS Lookup M8 (trojan.rules)
 2829415 - ETPRO TROJAN Mirai Variant DNS Lookup M9 (trojan.rules)
 2829416 - ETPRO TROJAN Mirai Variant DNS Lookup M10 (trojan.rules)
 2829417 - ETPRO TROJAN Mirai Variant DNS Lookup M11 (trojan.rules)
 2829418 - ETPRO TROJAN Mirai Variant DNS Lookup M12 (trojan.rules)
 2829419 - ETPRO TROJAN Mirai Variant DNS Lookup M13 (trojan.rules)
 2829420 - ETPRO TROJAN Mirai Variant DNS Lookup M14 (trojan.rules)
 2829421 - ETPRO TROJAN Mirai Variant DNS Lookup M15 (trojan.rules)
 2829422 - ETPRO TROJAN Mirai Variant DNS Lookup M16 (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>