[Emerging-Sigs] [Etpro-sigs] Daily Ruleset Update Summary 2017/12/29

Duane Howard duane.security at gmail.com
Tue Jan 2 09:38:02 HST 2018


Both of the below rules contain
a reference:md5,7c60ce8d44e21fcddd5214e93db7602e;
but the descriptions use different names for the malware? Is the reference
incorrect on one of them, or are the names out of alignment?
2829108 - ETPRO TROJAN MSIL/Tiny.R CnC Checkin (Infoback) (trojan.rules)
2829110 - ETPRO TROJAN Win32/Crimson Variant CnC Checkin (trojan.rules)

-Duane

On Fri, Dec 29, 2017 at 1:00 PM, Travis Green <tgreen at emergingthreats.net>
wrote:

> [***]            Summary:            [***]
>
> 1 new Open, 13 new Pro (1 + 12). FireBlaze, MSIL/Tiny.R, Win32/Crimson
> Variant, Various Phishing.
>
>
> [+++]          Added rules:          [+++]
>
> Open:
>
>  2025177 - ET TROJAN Zeus Panda CnC Domain (in DNS Lookup) (trojan.rules)
>
> Pro:
>
>  2829106 - ETPRO CURRENT_EVENTS Observed FireBlaze Keylogger Downloader
> Domain (fireblazes .000webhostapp .com in TLS SNI) (current_events.rules)
>  2829107 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2017-12-29
> (current_events.rules)
>  2829108 - ETPRO TROJAN MSIL/Tiny.R CnC Checkin (Infoback) (trojan.rules)
>  2829109 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL)
> (current_events.rules)
>  2829110 - ETPRO TROJAN Win32/Crimson Variant CnC Checkin (trojan.rules)
>  2829111 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
> 2017-12-29 (current_events.rules)
>  2829112 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
> (2017-12-29 1) (trojan.rules)
>  2829113 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
> (2017-12-29 2) (trojan.rules)
>  2829114 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
> (2017-12-29 3) (trojan.rules)
>  2829115 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
> (2017-12-29 4) (trojan.rules)
>  2829116 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
> (2017-12-29 5) (trojan.rules)
>  2829117 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
> (2017-12-29 6) (trojan.rules)
>
>
> [///]     Modified active rules:     [///]
>
>  2814624 - ETPRO TROJAN XtremeRAT CnC Beacon 1 (trojan.rules)
>
>
> --
> PGP: 0xBED7B297
> <https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>
>