[Emerging-updates] Daily Ruleset Update Summary 2017/04/07

Travis Green tgreen at emergingthreats.net
Fri Apr 7 17:05:44 EDT 2017


[***]            Summary:            [***]

9 new Open, 15 new Pro (9 + 6). CrypMIC, Various Phishing


[+++]          Added rules:          [+++]

Open:

 2024183 - ET TROJAN Possible Turla Carbon Paper CnC Beacon (Fake User-Agent) (trojan.rules)
 2024184 - ET CURRENT_EVENTS Successful HM Revenue & Customs Phish M1 Apr 07 2017 (current_events.rules)
 2024185 - ET CURRENT_EVENTS Successful HM Revenue & Customs Phish M2 Apr 07 2017 (current_events.rules)
 2024186 - ET CURRENT_EVENTS Successful Santander Phish M1 Apr 07 2017 (current_events.rules)
 2024187 - ET CURRENT_EVENTS Successful Santander Phish M2 Apr 07 2017 (current_events.rules)
 2024188 - ET CURRENT_EVENTS Successful Santander Phish M3 Apr 07 2017 (current_events.rules)
 2024189 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
 2024190 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
 2024191 - ET EXPLOIT TP-Link Archer C2 and Archer C20i Remote Code Execution (exploit.rules)

Pro:

 2825825 - ETPRO CURRENT_EVENTS Successful Generic Phish - JS History.Go Redirect Apr 07 2017 (current_events.rules)
 2825826 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (trojan.rules)
 2825827 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-07 1) (trojan.rules)
 2825828 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-07 2) (trojan.rules)
 2825829 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-07 3) (trojan.rules)
 2825830 - ETPRO TROJAN DNS Query to Cerber Domain (1a7wnt . top) (trojan.rules)


[///]     Modified active rules:     [///]

 2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
 2825705 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-03 1) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>