[Emerging-updates] Daily Ruleset Update Summary 2016/08/12

Francis Trudeau ftrudeau at emergingthreats.net
Fri Aug 12 18:36:37 EDT 2016


 [***] Summary: [***]

 8 new Open signatures, 24 new Pro (8 + 16).  Bancos, JexBoss, wSecure WP RCE.

 Thanks:  @sempersecurus

 [+++]          Added rules:          [+++]

  2023051 - ET CURRENT_EVENTS Tech Support Phone Scam Landing Aug 12 M1 (current_events.rules)
  2023052 - ET CURRENT_EVENTS Tech Support Phone Scam Landing Aug 12 M2 (current_events.rules)
  2023053 - ET DOS DNS Amplification Attack Possible Inbound Windows Non-Recursive Root Hint Reserved Port (dos.rules)
  2023054 - ET DOS DNS Amplification Attack Possible Outbound Windows Non-Recursive Root Hint Reserved Port (dos.rules)
  2023055 - ET CURRENT_EVENTS Tech Support Phone Scam Landing (err.mp3) Aug 12 2016 (current_events.rules)
  2023056 - ET CURRENT_EVENTS Tech Support Phone Scam Landing (msg.mp3) Aug 12 2016 (current_events.rules)
  2023057 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Aug 12 2016 (current_events.rules)
  2023058 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M2 Aug 12 2016 (current_events.rules)

 Pro:

  2821622 - ETPRO TROJAN Python/SupAgent .onion Proxy Domain (trojan.rules)
  2821623 - ETPRO TROJAN APT.Enfal SSL Cert - Downloaded by Cmstar (trojan.rules)
  2821624 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda Injects) (trojan.rules)
  2821625 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda Injects) (trojan.rules)
  2821626 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
  2821627 - ETPRO WEB_SPECIFIC_APPS Drupal Module Coder RCE PoC Inbound (web_specific_apps.rules)
  2821628 - ETPRO WEB_SPECIFIC_APPS wSecure WP Plugin RCE (web_specific_apps.rules)
  2821629 - ETPRO CURRENT_EVENTS Stripe Phishing Landing Aug 12 2016 (current_events.rules)
  2821630 - ETPRO CURRENT_EVENTS Successful Stripe Phish Aug 12 2016 (current_events.rules)
  2821631 - ETPRO CURRENT_EVENTS Successful Adobe/Excel Phish Aug 12 2016 (current_events.rules)
  2821632 - ETPRO CURRENT_EVENTS Successful Gmail Phish M1 Aug 12 2016 (current_events.rules)
  2821633 - ETPRO CURRENT_EVENTS Successful Gmail Phish M2 (set) Aug 12 2016 (current_events.rules)
  2821634 - ETPRO CURRENT_EVENTS Successful Gmail Phish M2 Aug 12 2016 (current_events.rules)
  2821636 - ETPRO WEB_SERVER JexBoss User-Agent Observed (INBOUND) (web_server.rules)
  2821637 - ETPRO WEB_SERVER JexBoss Common URI struct Observed (INBOUND) (web_server.rules)
  2821638 - ETPRO WEB_SERVER JexBoss Common URI struct Observed 2 (INBOUND) (web_server.rules)


 [///]     Modified active rules:     [///]

  2013352 - ET TROJAN Executable Download Purporting to be JavaScript likely 2nd stage Infection (trojan.rules)