[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/15

Travis Green tgreen at emergingthreats.net
Thu Feb 15 12:23:17 HST 2018


[***]            Summary:            [***]

9 new Open, 20 new Pro (9 + 11). MSIL/Agent.BIC Variant, PowerShell
Commands via DNS TXT, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025359 - ET TROJAN MSIL/Agent.BIC Variant CnC Checkin (trojan.rules)
 2025360 - ET CURRENT_EVENTS Possible Wells Fargo Phishing Landing - Title over non SSL (current_events.rules)
 2025361 - ET CURRENT_EVENTS Sparkasse Phishing Landing 2018-02-15 (current_events.rules)
 2025362 - ET CURRENT_EVENTS Dropbox Phishing Landing 2018-02-15 (current_events.rules)
 2025363 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-02-15 (current_events.rules)
 2025364 - ET CURRENT_EVENTS Google Docs Phishing Landing 2018-02-15 (current_events.rules)
 2025365 - ET CURRENT_EVENTS Dropbox Phishing Landing 2018-02-15 (current_events.rules)
 2025366 - ET CURRENT_EVENTS Chase Phishing Landing 2018-02-15 (current_events.rules)
 2025367 - ET CURRENT_EVENTS Square Phishing Landing 2018-02-15 (current_events.rules)

Pro:

 2829676 - ETPRO TROJAN Hworm/Houdini CnC Checkin (trojan.rules)
 2829677 - ETPRO TROJAN Observed Malicious SSL Cert (Shino Bot CnC) (trojan.rules)
 2829678 - ETPRO TROJAN MalDoc Retrieving PowerShell Commands via DNS TXT (trojan.rules)
 2829679 - ETPRO CURRENT_EVENTS Observed Malicious Domain used in MalDoc (holiday-factory .000webhostapp .com in TLS SNI) (current_events.rules)
 2829680 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2018-02-15 (current_events.rules)
 2829681 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-02-15 (current_events.rules)
 2829682 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-02-15 (current_events.rules)
 2829683 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-15 1) (trojan.rules)
 2829684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-15 2) (trojan.rules)
 2829685 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-15 3) (trojan.rules)
 2829686 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-15 4) (trojan.rules)


[///]     Modified active rules:     [///]

 2010715 - ET SCAN ZmEu exploit scanner (scan.rules)
 2025281 - ET CURRENT_EVENTS Cloned Website Phishing Landing - Saved Website Comment Observed (current_events.rules)
 2025292 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M1 (current_events.rules)
 2828789 - ETPRO TROJAN Reaver C2 Checkin Command (trojan.rules)
 2829671 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-02-14 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>