[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/16

Travis Green tgreen at emergingthreats.net
Fri Feb 16 12:06:37 HST 2018


[***]            Summary:            [***]

1 new Open, 25 new Pro (1 + 24). MuddyWater APT POWERSTAT CnC, KovCoreG
SocEng, Various Mobile, Various Phishing.


 [+++]          Added rules:          [+++]

Open:

  2025368 - ET CURRENT_EVENTS Successful Generic Multi-Account Phish 2018-02-16 (current_events.rules)

Pro:

  2829687 - ETPRO CURRENT_EVENTS Successful IRS Phish 2018-02-16 (current_events.rules)
  2829688 - ETPRO TROJAN Kovter Malicious SSL Certificate Detected (trojan.rules)
  2829689 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 15 (mobile_malware.rules)
  2829690 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 286 (mobile_malware.rules)
  2829691 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M3 (trojan.rules)
  2829692 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M4 (trojan.rules)
  2829693 - ETPRO TROJAN KovCoreG SocEng DNS Lookup (trojan.rules)
  2829694 - ETPRO TROJAN KovCoreG SocEng Domain in SNI (trojan.rules)
  2829695 - ETPRO TROJAN KovCoreG SocEng Malicious SSL Certificate Detected (trojan.rules)
  2829696 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-02-16 (current_events.rules)
  2829697 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-02-16 (current_events.rules)
  2829698 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish 2018-02-16 (current_events.rules)
  2829699 - ETPRO CURRENT_EVENTS Successful Unicred Mobile Phish 2018-02-16 (current_events.rules)
  2829700 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2018-02-16 (current_events.rules)
  2829701 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-02-16 (current_events.rules)
  2829702 - ETPRO CURRENT_EVENTS Successful Swisscom Phish 2018-02-16 (current_events.rules)
  2829703 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2018-02-16 (current_events.rules)
  2829704 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2018-02-16 (current_events.rules)
  2829705 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-16 1) (trojan.rules)
  2829706 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-16 2) (trojan.rules)
  2829707 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-16 3) (trojan.rules)
  2829708 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-16 4) (trojan.rules)
  2829709 - ETPRO MALWARE MSIL/Linkury Toolbar Style External IP Check (malware.rules)
  2829710 - ETPRO MALWARE MSIL/Linkury Toolbar Activity (malware.rules)


 [+++]  Enabled and modified rules:   [+++]

  2828913 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M3 (trojan.rules)


 [///]     Modified active rules:     [///]

  2821031 - ETPRO CURRENT_EVENTS Successful Craigslist Phish Jul 11 2016 (current_events.rules)
  2824923 - ETPRO CURRENT_EVENTS Apple Phishing Landing M1 Feb 13 2017 (current_events.rules)
  2825163 - ETPRO CURRENT_EVENTS Successful Generic Phish (Redirect to Download PDF) Feb 28 2017 (current_events.rules)
  2829671 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-02-14 (current_events.rules)


 [---]  Disabled and modified rules:  [---]

  2801334 - ETPRO WEB_CLIENT Adobe PDF Memory Corruption /Ff Dictionary Key Corruption (web_client.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>