[Emerging-Sigs] Daily Ruleset Update Summary 2018/01/22

Travis Green tgreen at emergingthreats.net
Mon Jan 22 14:30:22 HST 2018


[***]            Summary:            [***]

15 new Open, 27 new Pro (15 + 12). MSIL/SamMiner CnC, VBS.ARS Checkin,
Various Mobile, Various Phishing.

Thanks: @MalwrHunterTeam


 [+++]          Added rules:          [+++]

  Open:

  2025227 - ET INFO Possible Phishing Landing - Common Multiple JS Unescape May 25 2017 (info.rules)
  2025228 - ET TROJAN Observed Evrial Domain (projectevrial .ru in DNS Lookup) (trojan.rules)
  2025229 - ET CURRENT_EVENTS Email Verification/Upgrade Phishing Landing 2018-01-22 (current_events.rules)
  2025230 - ET TROJAN VBS.ARS Checkin (trojan.rules)
  2025231 - ET INFO Multiple Javascript Unescapes - Common Obfuscation Observed in Phish Landing (info.rules)
  2025232 - ET CURRENT_EVENTS Email Server Mobile Security Settings Phishing Landing 2018-01-22 (current_events.rules)
  2025233 - ET CURRENT_EVENTS Dropbox Phishing Landing - Title over non SSL (current_events.rules)
  2025234 - ET TROJAN Win32/Rodecap/Travle/PYLOT CnC Checkin M2 (trojan.rules)
  2025235 - ET TROJAN MSIL/SamMiner CnC Checkin M1 (trojan.rules)
  2025236 - ET CURRENT_EVENTS Possible Compromised Wordpress - Generic Phishing Landing 2018-01-22 (current_events.rules)
  2025237 - ET TROJAN MSIL/SamMiner CnC Checkin M2 (trojan.rules)
  2025238 - ET INFO Base64 Encoded powershell.exe in HTTP Response M1 (info.rules)
  2025239 - ET INFO Base64 Encoded powershell.exe in HTTP Response M2 (info.rules)
  2025240 - ET INFO Base64 Encoded powershell.exe in HTTP Response M3 (info.rules)
  2025241 - ET TROJAN Unknown Brazilian Banker CnC Activity (trojan.rules)

  Pro:

  2829365 - ETPRO CURRENT_EVENTS Microsoft Documentation Phishing Landing 2018-01-22 (current_events.rules)
  2829366 - ETPRO CURRENT_EVENTS Successful GoDaddy Phish 2018-01-22 (current_events.rules)
  2829367 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 1) (trojan.rules)
  2829368 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 2) (trojan.rules)
  2829369 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 3) (trojan.rules)
  2829370 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 4) (trojan.rules)
  2829371 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 5) (trojan.rules)
  2829372 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 6) (trojan.rules)
  2829373 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 7) (trojan.rules)
  2829374 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 8) (trojan.rules)
  2829375 - ETPRO CURRENT_EVENTS Successful IRS Credit Card Information Phish 2018-01-22 (current_events.rules)
  2829376 - ETPRO TROJAN SSL/TLS Certificate Observed (Meterpreter) (trojan.rules)


 [///]     Modified active rules:     [///]

  2008038 - ET MALWARE Suspicious User-Agent (Mozilla/4.0 (compatible ICS)) (malware.rules)
  2025013 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 20 2017 (current_events.rules)
  2822114 - ETPRO TROJAN Etirehni/PYLOT CnC Beacon - Downloaded by Cmstar (trojan.rules)
  2829004 - ETPRO TROJAN FormBook CnC Checkin (POST) (trojan.rules)
  2829005 - ETPRO CURRENT_EVENTS Successful Generic Phish 2017-12-20 (current_events.rules)


 [---]         Removed rules:         [---]

  2826541 - ETPRO CURRENT_EVENTS Possible Phishing Landing - Common Multiple JS Unescape May 25 2017 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>