[Emerging-Sigs] Daily Ruleset Update Summary 2018/01/04

Travis Green tgreen at emergingthreats.net
Thu Jan 4 13:17:50 HST 2018


[***]            Summary:            [***]

5 new Open, 15 new Pro (5 + 10). Spectre Kernel Memory Leakage JavaScript,
Oilrig DNS, Various Phishing.


[+++]          Added rules:          [+++]

Open:

2025182 - ET TROJAN Oilrig Stealer CnC Checkin (trojan.rules)
2025183 - ET TROJAN Python Monero Miner CnC DNS Query (trojan.rules)
2025184 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC Based) (web_client.rules)
2025185 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (web_client.rules)
2025186 - ET CURRENT_EVENTS CoinMiner Malicious Authline Seen After CVE-2017-10271 Exploit (current_events.rules)

Pro:

2829167 - ETPRO POLICY TDS SQL Batch Outbound (policy.rules)
2829168 - ETPRO TROJAN Oilrig DNS Tunneling Domain (trojan.rules)
2829169 - ETPRO POLICY Windows Executable Inbound via TDS (policy.rules)
2829170 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-04 (current_events.rules)
2829171 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 1) (trojan.rules)
2829172 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 3) (trojan.rules)
2829173 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 4) (trojan.rules)
2829174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 5) (trojan.rules)
2829175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 6) (trojan.rules)
2829176 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 7) (trojan.rules)


[///]     Modified active rules:     [///]

2816393 - ETPRO CURRENT_EVENTS Possible Phishing Landing Obfuscation 2016-02-26 (current_events.rules)
2828463 - ETPRO CURRENT_EVENTS Successful Generic Phish Oct 27 2017 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>