[Emerging-updates] Daily Ruleset Update Summary 2017/04/10

Travis Green tgreen at emergingthreats.net
Mon Apr 10 17:33:51 EDT 2017


[***]            Summary:            [***]

5 new Open, 18 new Pro (5 + 13). CVE-2017-3881, RTF 0-day, Various Android

Thanks: MS_ISAC, @rmkml

[+++]          Added rules:          [+++]

 2024192 - ET EXPLOIT Possible RTF 0-day HTA (exploit.rules)
 2024193 - ET EXPLOIT Possible RTF 0-day HTA M2 (exploit.rules)
 2024194 - ET EXPLOIT Cisco Catalyst Remote Code Execution (CVE-2017-3881) (exploit.rules)
 2024195 - ET WEB_CLIENT HTA File Download Flowbit Set (web_client.rules)
 2024196 - ET WEB_CLIENT HTA File containing Wscript.Shell Call - Potential Office Exploit Attempt (web_client.rules)
 2825831 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 (current_events.rules)
 2825832 - ETPRO MALWARE PUP Adware/Kraddare HTTP Request (malware.rules)
 2825833 - ETPRO TROJAN Possible Win32/PSWTool.WebBrowserPassView.B Download From Free Hosting Service (trojan.rules)
 2825834 - ETPRO MOBILE_MALWARE Android/SMForw.AC SMS Exfil (mobile_malware.rules)
 2825835 - ETPRO MOBILE_MALWARE Android/Styricka.A CnC Beacon (mobile_malware.rules)
 2825836 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup (mobile_malware.rules)
 2825837 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 2 (mobile_malware.rules)
 2825838 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 3 (mobile_malware.rules)
 2825839 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 4 (mobile_malware.rules)
 2825840 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 5 (mobile_malware.rules)
 2825841 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 6 (mobile_malware.rules)
 2825842 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 7 (mobile_malware.rules)
 2825843 - ETPRO MOBILE_MALWARE Android/SMForw.RI CnC Beacon (mobile_malware.rules)


[///]     Modified active rules:     [///]

 2011341 - ET TROJAN Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection (trojan.rules)
 2017627 - ET TROJAN W32/Kegotip CnC Beacon (trojan.rules)
 2023583 - ET TROJAN Known Malicious Doc Downloading Payload Dec 06 2016 (trojan.rules)
 2825826 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (trojan.rules)


[---]         Disabled rules:        [---]

 2012941 - ET CURRENT_EVENTS Phoenix Exploit Kit Newplayer.pdf (current_events.rules)
 2024083 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>