[Emerging-Sigs] Daily Ruleset Update Summary 2018/01/29

Travis Green tgreen at emergingthreats.net
Mon Jan 29 12:20:05 HST 2018


[***]            Summary:            [***]

10 new Open, 23 new Pro (10 + 13). Evrial Domains, MSIL/Mishkaio, Various
Mobile, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025256 - ET TROJAN Observed Evrial Domain (cryptoclipper .ru in DNS Lookup) (trojan.rules)
 2025257 - ET TROJAN Observed Evrial Domain (projectevrial .ru in TLS SNI) (trojan.rules)
 2025258 - ET CURRENT_EVENTS Possible Halkbank (TK) Phishing Landing - Title over non SSL (current_events.rules)
 2025259 - ET CURRENT_EVENTS Generic Smail Phishing Landing 2018-01-29 (current_events.rules)
 2025260 - ET CURRENT_EVENTS Apple Phishing Landing 2018-01-29 M1 (current_events.rules)
 2025261 - ET CURRENT_EVENTS Apple Phishing Landing 2018-01-29 M2 (current_events.rules)
 2025262 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-01-29 (current_events.rules)
 2025263 - ET CURRENT_EVENTS Office 365 Phishing Landing 2018-01-29 (current_events.rules)
 2025264 - ET CURRENT_EVENTS Microsoft Onedrive Phishing Landing 2018-01-29 (current_events.rules)
 2025265 - ET CURRENT_EVENTS Smartsheet Phishing Landing 2018-01-29 (current_events.rules)

Pro:

 2829459 - ETPRO TROJAN Win32/Agent.ZGL Variant Checkin (trojan.rules)
 2829460 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 259 (mobile_malware.rules)
 2829461 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 260 (mobile_malware.rules)
 2829462 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 261 (mobile_malware.rules)
 2829463 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 262 (mobile_malware.rules)
 2829464 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-29 1) (trojan.rules)
 2829465 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-29 2) (trojan.rules)
 2829466 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-29 3) (trojan.rules)
 2829467 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-29 4) (trojan.rules)
 2829468 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-29 5) (trojan.rules)
 2829469 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-29 6) (trojan.rules)
 2829470 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (TnJ1MXpaeXM3SzlXeENDeHFZ) (trojan.rules)
 2829471 - ETPRO TROJAN MSIL/Mishkaio Checkin M1 (trojan.rules)


[///]     Modified active rules:     [///]

 2025253 - ET TROJAN [PTsecurity] Kuriyama Loader Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>