[Emerging-Sigs] Daily Ruleset Update Summary 2018/01/30

Travis Green tgreen at emergingthreats.net
Tue Jan 30 12:22:01 HST 2018


[***]            Summary:            [***]

9 new Open, 36 new Pro (9 + 27). Evrial CnC, APT POWERSTAT CnC, Various Mobile, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025266 - ET TROJAN Evrial Stealer CnC Activity (trojan.rules)
 2025267 - ET INFO Possible Phishing Redirect 2018-01-30 (info.rules)
 2025268 - ET CURRENT_EVENTS Impots.gouv.fr Phishing Landing 2018-01-30 (current_events.rules)
 2025269 - ET CURRENT_EVENTS Turbotax Phishing Landing 2018-01-30 (current_events.rules)
 2025270 - ET CURRENT_EVENTS Bank of America Phishing Landing 2018-01-30 (current_events.rules)
 2025271 - ET CURRENT_EVENTS Possible Capital One Phishing Landing - Title over non SSL (current_events.rules)
 2025272 - ET CURRENT_EVENTS GrandSoft EK IE Exploit Jan 30 2018 (current_events.rules)
 2025273 - ET MOBILE_MALWARE Android.Trojan.Marcher.U DNS Lookup (mobile_malware.rules)
 2025274 - ET CURRENT_EVENTS Verizon Wireless Phishing Landing 2018-01-30 (current_events.rules)

Pro:

 2810166 - ETPRO INFO Commonly Abused File Sharing Site Domain HTTP request (savepic .su) (info.rules)
 2829472 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 263 (mobile_malware.rules)
 2829473 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 264 (mobile_malware.rules)
 2829474 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 265 (mobile_malware.rules)
 2829475 - ETPRO CURRENT_EVENTS Successful HMRC Phish 2018-01-30 (current_events.rules)
 2829476 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish 2018-01-30 (current_events.rules)
 2829477 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-01-30 (current_events.rules)
 2829478 - ETPRO CURRENT_EVENTS Successful Apple UI Support Phish 2018-01-30 (current_events.rules)
 2829479 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-01-30 (current_events.rules)
 2829480 - ETPRO CURRENT_EVENTS Successful TSB Bank (UK) Phish 2018-01-30 (current_events.rules)
 2829481 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 266 (mobile_malware.rules)
 2829482 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 267 (mobile_malware.rules)
 2829483 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M1 (trojan.rules)
 2829484 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M2 (trojan.rules)
 2829485 - ETPRO POLICY External IP Address Lookup - apinotes .com (policy.rules)
 2829486 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Join) (trojan.rules)
 2829487 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Key logger) (trojan.rules)
 2829488 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Window Logger) (trojan.rules)
 2829489 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Recording Mic) (trojan.rules)
 2829490 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (CommandShell) (trojan.rules)
 2829491 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Infoharvest) (trojan.rules)
 2829492 - ETPRO MOBILE_MALWARE Android.Trojan.Marcher.U Domain Request in SNI (mobile_malware.rules)
 2829493 - ETPRO TROJAN GlobeImposter Payment Domain (bcwfga5ssxh3jrlp in DNS Lookup) (trojan.rules)
 2829494 - ETPRO TROJAN LockeR Payment Domain (lockerrwhuaf2jjx in DNS Lookup) (trojan.rules)
 2829495 - ETPRO TROJAN Fake Twitch SocEng DNS Lookup 1 (trojan.rules)
 2829496 - ETPRO TROJAN Fake Twitch SocEng DNS Lookup 2 (trojan.rules)
 2829497 - ETPRO TROJAN Maldoc Powershell Payload Request (trojan.rules)


[///]     Modified active rules:     [///]

 2025188 - ET WEB_CLIENT Spectre Exploit Javascript (web_client.rules)
 2025253 - ET TROJAN [PTsecurity] Kuriyama Loader Checkin (trojan.rules)
 2829470 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (TnJ1MXpaeXM3SzlXeENDeHFZ) (trojan.rules)


[---]         Removed rules:         [---]

 2810166 - ETPRO TROJAN Probably Evil MS Office HTTP request to savepic.su (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>
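An added example, not part of the post and not Emerging Threats code, showing how a consumer of these daily summaries can parse the mail-wrapped plain-text layout above into per-section SID lists, verify that the headline counts add up (the Pro figure includes the Open rules, which is why "36 new Pro (9 + 27)" means 27 Pro-only rules), turn the new SIDs into suricata-update enable.conf lines, and flag locally overridden SIDs that this update modified or removed. SAMPLE is a constructed excerpt in the post's format; the function names are ours, and the only external format assumed is enable.conf's one-bare-SID-per-line syntax.

```python
"""Parse an Emerging Threats daily ruleset update summary into per-section SID
lists, check the headline counts, and emit suricata-update enable.conf lines.
Added example, not code from the post or from Emerging Threats: SAMPLE is a
constructed excerpt in the post's layout and the function names are ours."""
import re

# Constructed excerpt, including mail-wrapped entries whose tail spills over.
SAMPLE = """\
2 new Open, 4 new Pro (2 + 2). Evrial CnC, Various Phishing.

[+++]          Added rules:          [+++]

Open:

 2025266 - ET TROJAN Evrial Stealer CnC Activity (trojan.rules)
 2025271 - ET CURRENT_EVENTS Possible Capital One Phishing Landing - Title
over non SSL (current_events.rules)

Pro:

 2829483 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M1 (trojan.rules)
 2829492 - ETPRO MOBILE_MALWARE Android.Trojan.Marcher.U Domain Request in
SNI (mobile_malware.rules)

[///]     Modified active rules:     [///]

 2025188 - ET WEB_CLIENT Spectre Exploit Javascript (web_client.rules)

[---]         Removed rules:         [---]

 2810166 - ETPRO TROJAN Probably Evil MS Office HTTP request to savepic.su
(trojan.rules)

--
"""

SECTION_RE = re.compile(r"^\[(\+\+\+|///|---)\]\s+(Added|Modified active|Removed) rules:")
SECTION_KEYS = {"+++": "added", "///": "modified", "---": "removed"}
RULE_RE = re.compile(r"^\s*(\d{7})\s+-\s+(.*\S)\s*$")
ENTRY_RE = re.compile(r"^(?P<msg>.*?)\s*\((?P<file>[\w.-]+\.rules)\)$")
SUMMARY_RE = re.compile(r"(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)")


def parse_update(text):
    """Return {'added': {'open': [...], 'pro': [...]}, 'modified': [...], 'removed': [...]}
    with entries {'sid': int, 'msg': str, 'file': str}.  A non-blank line that is
    neither a header nor a new 'SID - ' line continues the entry above it."""
    result = {"added": {"open": [], "pro": []}, "modified": [], "removed": []}
    section = sub = None
    entries, cont = [], False  # [bucket, sid, text] triples; cont = inside an entry
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            cont = False  # a blank line ends an entry, so the signature is never joined
        elif sec := SECTION_RE.match(line):
            section, sub, cont = SECTION_KEYS[sec.group(1)], None, False
        elif stripped in ("Open:", "Pro:"):
            sub, cont = stripped[:-1].lower(), False
        elif (m := RULE_RE.match(line)) and section is not None:
            if section == "added" and sub is None:
                raise ValueError(f"sid {m.group(1)} listed before an Open:/Pro: header")
            bucket = result["added"][sub] if section == "added" else result[section]
            entries.append([bucket, m.group(1), m.group(2)])
            cont = True
        elif cont:
            entries[-1][2] += " " + stripped  # mail-wrapped continuation line
    for bucket, sid, body in entries:
        m = ENTRY_RE.match(body)
        if not m:
            raise ValueError(f"sid {sid}: entry does not end in (file.rules): {body!r}")
        bucket.append({"sid": int(sid), "msg": m.group("msg"), "file": m.group("file")})
    return result


def check_summary(text, parsed):
    """Check the headline against what was parsed.  ET counts Open as part of
    Pro: '9 new Open, 36 new Pro (9 + 27)' means 27 Pro-only rules, not 36."""
    m = SUMMARY_RE.search(text)
    if not m:
        raise ValueError("no summary line found")
    n_open, n_pro, n_open2, n_pro_only = map(int, m.groups())
    got = {"open": len(parsed["added"]["open"]), "pro_only": len(parsed["added"]["pro"])}
    got["pro_total"] = got["open"] + got["pro_only"]
    ok = n_open == n_open2 == got["open"] and n_pro_only == got["pro_only"] and n_pro == got["pro_total"]
    return ok, got


def enable_conf_lines(parsed, include_pro=False):
    """suricata-update's enable.conf takes one bare SID per line; comments go on
    their own '#' lines.  ETPRO SIDs only resolve if an ETPRO source is
    configured, so they are opt-in."""
    entries = parsed["added"]["open"] + (parsed["added"]["pro"] if include_pro else [])
    lines = []
    for e in entries:
        lines += [f"# {e['msg']} ({e['file']})", str(e["sid"])]
    return lines


def touched_overrides(parsed, local_sids):
    """SIDs you override locally (disable.conf / modify.conf) that this update
    modified or removed, i.e. overrides that need a re-check."""
    touched = {e["sid"] for e in parsed["modified"] + parsed["removed"]}
    return sorted(touched & set(local_sids))
```

Feed the full body of an announcement to `parse_update`, then run `check_summary` before trusting the counts and `touched_overrides` with the SIDs from your own disable.conf/modify.conf: a rule that was modified upstream may no longer match the override you wrote for it, and a removed rule leaves a stale override behind.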