[Emerging-updates] Daily Ruleset Update Summary 2017/04/04

Travis Green tgreen at emergingthreats.net
Tue Apr 4 19:03:40 EDT 2017


[***]            Summary:            [***]

14 new Open, 56 new Pro (14 + 42). Terror EK, Red Leaves, Felismus, Various
Phishing, Various Android

Thanks: @illegalFawn, @malware_traffic, @malwrhunterteam, Russell Fulton &
NCCGroup

[+++]          Added rules:          [+++]

 Open:

 2024167 - ET CURRENT_EVENTS Successful Mail.ru Phish Apr 04 2017 (current_events.rules)
 2024168 - ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit (current_events.rules)
 2024169 - ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2 (current_events.rules)
 2024170 - ET CURRENT_EVENTS Terror EK CVE-2015-2419 Exploit (current_events.rules)
 2024171 - ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon (mobile_malware.rules)
 2024172 - ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon M2 (mobile_malware.rules)
 2024173 - ET TROJAN [NCC Group] Red Leaves magic packet detected (APT10 implant) (trojan.rules)
 2024174 - ET TROJAN [NCC Group] Red Leaves magic packet response detected (APT10 implant) (trojan.rules)
 2024175 - ET TROJAN Red Leaves HTTP CnC Beacon (APT10 implant) (trojan.rules)
 2024176 - ET TROJAN Felismus CnC Beacon 1 (trojan.rules)
 2024177 - ET TROJAN Felismus CnC Beacon 2 (trojan.rules)
 2024178 - ET TROJAN MSIL/Matrix Ransomware Sending Encrypted Filelist (trojan.rules)
 2024179 - ET TROJAN Win32/Neutrino Checkin 6 (trojan.rules)
 2024180 - ET CURRENT_EVENTS Terror EK Payload Download (current_events.rules)

 Pro:

 2825727 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 9 (mobile_malware.rules)
 2825728 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 10 (mobile_malware.rules)
 2825729 - ETPRO TROJAN W32.Geodo/Emotet Checkin M2 (trojan.rules)
 2825730 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish Apr 4 2017 (current_events.rules)
 2825731 - ETPRO CURRENT_EVENTS Successful Mailserve Webmail Phish Apr 04 2017 (current_events.rules)
 2825732 - ETPRO CURRENT_EVENTS Successful EDF (FR) Phish Apr 04 2017 (current_events.rules)
 2825733 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Apr 04 2017 (current_events.rules)
 2825734 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Apr 04 2017 (current_events.rules)
 2825735 - ETPRO CURRENT_EVENTS Successful Santander Phish M3 Apr 04 2017 (current_events.rules)
 2825736 - ETPRO CURRENT_EVENTS Successful ICS Phish Apr 04 2017 (current_events.rules)
 2825737 - ETPRO TROJAN DNS Query to Cerber Domain (1jnhdc . top) (trojan.rules)
 2825738 - ETPRO TROJAN DNS Query to Cerber Domain (1bas8q . top) (trojan.rules)
 2825739 - ETPRO TROJAN DNS Query to Cerber Domain (1jwuaa . top) (trojan.rules)
 2825740 - ETPRO TROJAN DNS Query to Cerber Domain (1hpvzl . top) (trojan.rules)
 2825741 - ETPRO TROJAN DNS Query to Cerber Domain (1a8u1r . top) (trojan.rules)
 2825742 - ETPRO TROJAN DNS Query to Cerber Domain (1eagrj . top) (trojan.rules)
 2825743 - ETPRO TROJAN DNS Query to Cerber Domain (14stvt . top) (trojan.rules)
 2825744 - ETPRO TROJAN DNS Query to Cerber Domain (18f5bw . top) (trojan.rules)
 2825745 - ETPRO TROJAN DNS Query to Cerber Domain (1fzz7a . top) (trojan.rules)
 2825746 - ETPRO TROJAN DNS Query to Cerber Domain (1mat7v . top) (trojan.rules)
 2825747 - ETPRO TROJAN DNS Query to Cerber Domain (1w5iy8 . top) (trojan.rules)
 2825748 - ETPRO TROJAN DNS Query to Cerber Domain (1acfka . top) (trojan.rules)
 2825749 - ETPRO TROJAN DNS Query to Sage Domain (y8lkjg5 . net) (trojan.rules)
 2825750 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 11 (mobile_malware.rules)
 2825751 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 12 (mobile_malware.rules)
 2825752 - ETPRO TROJAN Win32/MoonWind CnC (trojan.rules)
 2825753 - ETPRO TROJAN Win32/Remcos RAT Checkin 5 (trojan.rules)
 2825754 - ETPRO TROJAN Win32/Remcos RAT Checkin 4 (trojan.rules)
 2825755 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 13 (mobile_malware.rules)
 2825756 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 14 (mobile_malware.rules)
 2825757 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 15 (mobile_malware.rules)
 2825758 - ETPRO TROJAN MSIL/Filecoder.FR Ransomware CnC Checkin (trojan.rules)
 2825759 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 16 (mobile_malware.rules)
 2825760 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 17 (mobile_malware.rules)
 2825761 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 18 (mobile_malware.rules)
 2825762 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 19 (mobile_malware.rules)
 2825763 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 20 (mobile_malware.rules)
 2825764 - ETPRO TROJAN Win32/Neutrino Checkin 5 (trojan.rules)
 2825765 - ETPRO CURRENT_EVENTS Possible Magnitude EK First Stage Landing Apr 04 2017 (current_events.rules)
 2825766 - ETPRO TROJAN Loki Bot Checkin M2 (trojan.rules)
 2825767 - ETPRO TROJAN Stolich Gen Ransomware CnC Create Key (trojan.rules)
 2825768 - ETPRO TROJAN Stolich Gen Ransomware CnC Save Key (trojan.rules)


[///]     Modified active rules:     [///]

 2820316 - ETPRO TROJAN EDA2 Gen Ransomware CnC Create Key (trojan.rules)


[---]         Disabled rules:        [---]

 2008500 - ET MALWARE Sogou.com Spyware User-Agent (SogouIMEMiniSetup) (malware.rules)
 2020984 - ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>