[Emerging-Sigs] Daily Ruleset Update Summary 2018/01/10

Travis Green tgreen at emergingthreats.net
Wed Jan 10 13:38:43 HST 2018


[***]            Summary:            [***]

4 new Open, 21 new Pro (4 + 17). MeltDown PoC DL, Spectre PoC DL, Various
Phishing.


[+++]          Added rules:          [+++]

Open:

 2012612 - ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers (info.rules)
 2025195 - ET EXPLOIT Possible MeltDown PoC Download In Progress (exploit.rules)
 2025196 - ET EXPLOIT Possible Spectre PoC Download In Progress (exploit.rules)
 2025197 - ET CURRENT_EVENTS Tech Support Phone Scam Landing 2018-01-10 (current_events.rules)

Pro:

 2829231 - ETPRO TROJAN Win32/Xmrok Coinminer Checkin (trojan.rules)
 2829232 - ETPRO CURRENT_EVENTS Secure Cloud Files Phishing Landing 2018-01-10 M1 (current_events.rules)
 2829233 - ETPRO CURRENT_EVENTS Secure Cloud Files Phishing Landing 2018-01-10 M2 (current_events.rules)
 2829234 - ETPRO CURRENT_EVENTS Successful Secure Cloud Files Phish 2018-01-10 M1 (current_events.rules)
 2829235 - ETPRO CURRENT_EVENTS Successful Secure Cloud Files Phish 2018-01-10 M2 (current_events.rules)
 2829236 - ETPRO CURRENT_EVENTS Successful Secure Cloud Files Phish 2018-01-10 M3 (current_events.rules)
 2829237 - ETPRO TROJAN Python/CoinMiner Requesting Payload (trojan.rules)
 2829238 - ETPRO TROJAN Obfuscated PowerShell Inbound (trojan.rules)
 2829239 - ETPRO TROJAN Qarallex RAT Onion Domain (trojan.rules)
 2829240 - ETPRO CURRENT_EVENTS Successful ATT Phish 2018-01-10 (current_events.rules)
 2829241 - ETPRO CURRENT_EVENTS Successful Orange Phish 2018-01-10 (current_events.rules)
 2829242 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish 2018-01-10 (current_events.rules)
 2829243 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-10 (current_events.rules)
 2829244 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-10 1) (trojan.rules)
 2829245 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-10 2) (trojan.rules)
 2829246 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-10 3) (trojan.rules)
 2829247 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-10 4) (trojan.rules)


[///]     Modified active rules:     [///]

 2011941 - ET WEB_SPECIFIC_APPS Open Source Support Ticket System module.php Local File Inclusion Attempt (web_specific_apps.rules)
 2809267 - ETPRO TROJAN W32/TinyZBot Fake Resume Upload GET Request (Operation Cleaver) (trojan.rules)
 2810654 - ETPRO POLICY Possibly Suspicious example.com SSL Cert (policy.rules)
 2820780 - ETPRO TROJAN APT SWC Redirected Request June 21 2016 (trojan.rules)
 2822981 - ETPRO CURRENT_EVENTS Successful Dropbox/Docusign Phish Oct 28 2016 (current_events.rules)


[---]  Disabled and modified rules:  [---]

 2829187 - ETPRO TROJAN MSIL.NepaCollector CnC M1 (buildInfo) (trojan.rules)
 2829188 - ETPRO TROJAN MSIL.NepaCollector CnC M2 (isMaster) (trojan.rules)
 2829189 - ETPRO TROJAN MSIL.NepaCollector CnC M3 (getLastError) (trojan.rules)
 2829202 - ETPRO TROJAN MSIL/Zbrain PUP/Stealer Installer UA (trojan.rules)


[---]         Removed rules:         [---]

 2012612 - ET TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers (trojan.rules)
 2021645 - ET TROJAN APT Cheshire Cat DNS Lookup (holidayapartments4you.com) (trojan.rules)
 2021646 - ET TROJAN APT Cheshire Cat DNS Lookup (euro-rafting.com) (trojan.rules)
 2021647 - ET TROJAN APT Cheshire Cat DNS Lookup (holidayapartments-Paris.com) (trojan.rules)
 2021648 - ET TROJAN APT Cheshire Cat DNS Lookup (paris-holidayapartments.com) (trojan.rules)
 2021649 - ET TROJAN APT Cheshire Cat DNS Lookup (franceholidayapartments.com) (trojan.rules)
 2021650 - ET TROJAN APT Cheshire Cat DNS Lookup (apartmentsin-paris.com) (trojan.rules)
 2021651 - ET TROJAN APT Cheshire Cat DNS Lookup (raftingholiday.com) (trojan.rules)
 2021652 - ET TROJAN APT Cheshire Cat DNS Lookup (eurorafting-tr.com) (trojan.rules)
 2021653 - ET TROJAN APT Cheshire Cat DNS Lookup (turkeyextremerafting.com) (trojan.rules)
 2021654 - ET TROJAN APT Cheshire Cat DNS Lookup (raftingtours-turkey.com) (trojan.rules)
 2021655 - ET TROJAN APT Cheshire Cat DNS Lookup (divextreme-ar.com) (trojan.rules)
 2021656 - ET TROJAN APT Cheshire Cat DNS Lookup (crazy-jump.com) (trojan.rules)
 2021657 - ET TROJAN APT Cheshire Cat DNS Lookup (dive-extreme.com) (trojan.rules)
 2021658 - ET TROJAN APT Cheshire Cat DNS Lookup (tandemskydive-ar.com) (trojan.rules)
 2021659 - ET TROJAN APT Cheshire Cat DNS Lookup (groupdive.com) (trojan.rules)
 2021660 - ET TROJAN APT Cheshire Cat DNS Lookup (skydivelessons.com) (trojan.rules)
 2021661 - ET TROJAN APT Cheshire Cat DNS Lookup (bungee4you-br.com) (trojan.rules)
 2021662 - ET TROJAN APT Cheshire Cat DNS Lookup (brazil-crazybungee.com) (trojan.rules)
 2021663 - ET TROJAN APT Cheshire Cat DNS Lookup (bungeejumping-br.com) (trojan.rules)
 2021664 - ET TROJAN APT Cheshire Cat DNS Lookup (groupbungee-br.com) (trojan.rules)
 2021665 - ET TROJAN APT Cheshire Cat DNS Lookup (divextreme-au.com) (trojan.rules)
 2021666 - ET TROJAN APT Cheshire Cat DNS Lookup (crazyjump-uy.com) (trojan.rules)
 2021667 - ET TROJAN APT Cheshire Cat DNS Lookup (stuntjumps.com) (trojan.rules)
 2021668 - ET TROJAN APT Cheshire Cat DNS Lookup (tandemskydive-au.com) (trojan.rules)
 2021669 - ET TROJAN APT Cheshire Cat DNS Lookup (groupdive-au.com) (trojan.rules)
 2021670 - ET TROJAN APT Cheshire Cat DNS Lookup (au-skydivelessons.com) (trojan.rules)
 2021671 - ET TROJAN APT Cheshire Cat DNS Lookup (bungee4you-uy.com) (trojan.rules)
 2021672 - ET TROJAN APT Cheshire Cat DNS Lookup (uruguay-crazybungee.com) (trojan.rules)
 2021673 - ET TROJAN APT Cheshire Cat DNS Lookup (bungeejumping-uy.com) (trojan.rules)
 2021674 - ET TROJAN APT Cheshire Cat DNS Lookup (groupbungee-uy.com) (trojan.rules)
 2021675 - ET TROJAN APT Cheshire Cat DNS Lookup (circlesofourlives-ir.com) (trojan.rules)
 2021676 - ET TROJAN APT Cheshire Cat DNS Lookup (clickflowers-hk.com) (trojan.rules)
 2021677 - ET TROJAN APT Cheshire Cat DNS Lookup (cropcirclestours.com) (trojan.rules)
 2021678 - ET TROJAN APT Cheshire Cat DNS Lookup (irelancropcircles.com) (trojan.rules)
 2021679 - ET TROJAN APT Cheshire Cat DNS Lookup (ir-cool.com) (trojan.rules)
 2021680 - ET TROJAN APT Cheshire Cat DNS Lookup (magnificentcircles.com) (trojan.rules)
 2021681 - ET TROJAN APT Cheshire Cat DNS Lookup (china-flowershop.com) (trojan.rules)
 2021682 - ET TROJAN APT Cheshire Cat DNS Lookup (hongkong-bouquets.com) (trojan.rules)
 2021683 - ET TROJAN APT Cheshire Cat DNS Lookup (beautifuldaisies.com) (trojan.rules)
 2021684 - ET TROJAN APT Cheshire Cat DNS Lookup (rosesinchina.com) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>