[Emerging-Sigs] Daily Ruleset Update Summary 2018/01/19

Travis Green tgreen at emergingthreats.net
Fri Jan 19 11:39:43 HST 2018


[***]            Summary:            [***]

5 new Open, 18 new Pro (5 + 13). Skygofree, Win32.Drun, Various Mobile,
Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025222 - ET EXPLOIT Generic ADSL Router DNS Change Request (exploit.rules)
 2025223 - ET EXPLOIT Possible Belkin N600DB Wireless Router Request Forgery Attempt (exploit.rules)
 2025224 - ET TROJAN Unknown EXE Dropped by 2017-11882 RTF (trojan.rules)
 2025225 - ET TROJAN Win32.Drun Checkin (trojan.rules)
 2025226 - ET CURRENT_EVENTS Microsoft Questionnaire Phishing Landing 2018-01-19 (current_events.rules)

Pro:

 2829352 - ETPRO INFO Observed Dynamic DNS Domain (*.anondns .net in DNS Lookup) (info.rules)
 2829353 - ETPRO CURRENT_EVENTS Successful ATT Phish 2018-01-19 (current_events.rules)
 2829354 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/Kryptik.GYM) (trojan.rules)
 2829355 - ETPRO TROJAN Skygofree CnC Beacon (trojan.rules)
 2829356 - ETPRO INFO Observed Dynamic DNS Domain (*.linkpc .net) (info.rules)
 2829357 - ETPRO CURRENT_EVENTS Successful Made In China Phish 2018-01-19 (current_events.rules)
 2829358 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 1) (trojan.rules)
 2829359 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 2) (trojan.rules)
 2829360 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 3) (trojan.rules)
 2829361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 4) (trojan.rules)
 2829362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 5) (trojan.rules)
 2829363 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 6) (trojan.rules)
 2829364 - ETPRO TROJAN Observed Malicious SSL Cert (Agent Tesla CnC) (trojan.rules)


[///]     Modified active rules:     [///]

 2024436 - ET TROJAN Formbook 0.3 Checkin (trojan.rules)
 2821014 - ETPRO WEB_CLIENT suspicious .CAB containing single executable file inbound (observed in maldoc campaign) (web_client.rules)
 2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>