[Emerging-Sigs] Daily Ruleset Update Summary 2018/02/22

Travis Green tgreen at emergingthreats.net
Thu Feb 22 12:51:55 HST 2018


[***]            Summary:            [***]

4 new Open, 23 new Pro (4 + 19). Threadkit, MSIL/PSK Stealer, Various
Mobile, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025377 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-22 (current_events.rules)
 2025378 - ET CURRENT_EVENTS Office 365 Phishing Landing 2018-02-22 (current_events.rules)
 2025379 - ET CURRENT_EVENTS Upgrade Advantage Phishing Landing 2018-02-22 (current_events.rules)
 2025380 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-22 (current_events.rules)

Pro:

 2828412 - ETPRO TROJAN Threadkit Checkin M1 (trojan.rules)
 2829765 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-02-22 (current_events.rules)
 2829766 - ETPRO CURRENT_EVENTS Successful Digital Credit Union Phish 2018-02-22 (current_events.rules)
 2829767 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2018-02-22 (current_events.rules)
 2829768 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2018-02-22 (current_events.rules)
 2829769 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-02-22 (current_events.rules)
 2829770 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC) (trojan.rules)
 2829771 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC) (trojan.rules)
 2829772 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 289 (mobile_malware.rules)
 2829773 - ETPRO TROJAN Threadkit Checkin M2 (trojan.rules)
 2829774 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 290 (mobile_malware.rules)
 2829775 - ETPRO TROJAN MSIL/PSK Stealer Sending Screenshot (trojan.rules)
 2829776 - ETPRO TROJAN AridViper Domain Observed (katesacker .club in DNS Lookup) (trojan.rules)
 2829777 - ETPRO TROJAN AridViper Domain Observed (katesacker .club in TLS SNI) (trojan.rules)
 2829778 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-22 1) (trojan.rules)
 2829779 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-22 2) (trojan.rules)
 2829780 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-22 3) (trojan.rules)
 2829781 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-22 4) (trojan.rules)
 2829782 - ETPRO CURRENT_EVENTS Successful International Card Services Phish 2018-02-22 (current_events.rules)


[///]     Modified active rules:     [///]

 2024420 - ET TROJAN MalDoc Retrieving Malicious Payload (Possibly Ursnif) (trojan.rules)


[---]  Disabled and modified rules:  [---]

 2825658 - ETPRO TROJAN Unknown KeyLogger CnC Checkin (trojan.rules)


[---]         Removed rules:         [---]

 2828412 - ETPRO CURRENT_EVENTS MalDoc Reporting Infection (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>