[Emerging-updates] Daily Ruleset Update Summary 2016/08/11

Francis Trudeau ftrudeau at emergingthreats.net
Thu Aug 11 17:53:52 EDT 2016


 [***] Summary: [***]

 4 new Open signatures, 18 new Pro (4 + 14).  Monsoon Tinytyphon, Lance
Stealer, OwaAuth/Soybalek Backdoor.

 [+++]          Added rules:          [+++]

 Open:

  2023047 - ET CURRENT_EVENTS Adobe Shared Document Phishing Landing Nov 19 2015 (current_events.rules)
  2023048 - ET CURRENT_EVENTS Successful Generic Adobe Shared Document Phish Aug 11 2016 (current_events.rules)
  2023049 - ET TROJAN Monsoon Tinytyphon CnC Beacon GET (trojan.rules)
  2023050 - ET TROJAN Monsoon Tinytyphon CnC Beacon Exfiltrating Docs (trojan.rules)

 Pro:

  2821600 - ETPRO TROJAN MSIL/Unknown Backdoor CnC Checkin (trojan.rules)
  2821601 - ETPRO TROJAN Lance Stealer Screenshot Exfil (trojan.rules)
  2821602 - ETPRO TROJAN Malicious SSL certificate detected (Malware C2) (trojan.rules)
  2821603 - ETPRO TROJAN Win32.Getapula Stealer Checkin (trojan.rules)
  2821604 - ETPRO MOBILE_MALWARE Android.Trojan.FakeBank.BA APK Download (mobile_malware.rules)
  2821613 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda Banker) (trojan.rules)
  2821614 - ETPRO TROJAN PoisonIvy Keepalive to CnC 471 (trojan.rules)
  2821615 - ETPRO CURRENT_EVENTS Possible MalDoc Download Request (set) (current_events.rules)
  2821616 - ETPRO CURRENT_EVENTS MalDoc Payload Inbound Aug 11 (current_events.rules)
  2821617 - ETPRO CURRENT_EVENTS Successful DHL Phish Aug 11 2016 (current_events.rules)
  2821618 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug 11 2016 (current_events.rules)
  2821619 - ETPRO CURRENT_EVENTS Successful USAA Phish Aug 11 2016 (current_events.rules)
  2821620 - ETPRO TROJAN OwaAuth/Soybalek Backdoor Magic String (INBOUND) 1 (trojan.rules)
  2821621 - ETPRO TROJAN OwaAuth/Soybalek Backdoor Magic String (INBOUND) 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2006406 - ET TROJAN Proxy.Win32.Agent.mx (2) (trojan.rules)


 [---]         Removed rules:         [---]

  2815029 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing Nov 19 (current_events.rules)