[Emerging-updates] Daily Ruleset Update Summary 2017/04/12

Travis Green tgreen at emergingthreats.net
Wed Apr 12 19:06:34 EDT 2017


[***]            Summary:            [***]

1 new Open, 24 new Pro (1 + 23). Mole Ransomware, Various Phishing, Various Android

Thanks: @rmkml

[+++]          Added rules:          [+++]

Open:

  2024203 - ET TROJAN Win32/Mole Ransomware CnC Beacon (trojan.rules)

Pro:

  2825898 - ETPRO TROJAN Win32.APosT.em DocStealer Retrieving Plugin (trojan.rules)
  2825899 - ETPRO TROJAN MSIL/Unk.PWSDL Initial CnC Checkin (trojan.rules)
  2825900 - ETPRO TROJAN MSIL/Unk.PWSDL Main CnC Checkin (trojan.rules)
  2825901 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 34 (mobile_malware.rules)
  2825902 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 35 (mobile_malware.rules)
  2825903 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 36 (mobile_malware.rules)
  2825904 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 37 (mobile_malware.rules)
  2825905 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 38 (mobile_malware.rules)
  2825906 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 40 (mobile_malware.rules)
  2825907 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 41 (mobile_malware.rules)
  2825908 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 42 (mobile_malware.rules)
  2825909 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 43 (mobile_malware.rules)
  2825910 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 44 (mobile_malware.rules)
  2825911 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 45 (mobile_malware.rules)
  2825912 - ETPRO MALWARE Unknown Downloader Retrieving URL List (malware.rules)
  2825913 - ETPRO TROJAN Unknown Downloader Request (trojan.rules)
  2825914 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 12 2017 (current_events.rules)
  2825915 - ETPRO CURRENT_EVENTS Successful Facebook Payment Update Phish Apr 12 2017 (current_events.rules)
  2825916 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 11 2017 (current_events.rules)
  2825917 - ETPRO CURRENT_EVENTS Successful Restore Missing Messages Phish Apr 12 2017 (current_events.rules)
  2825918 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fyec.bps CnC Beacon (mobile_malware.rules)
  2825919 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish Apr 12 2017 (current_events.rules)
  2825920 - ETPRO CURRENT_EVENTS Successful Administrator Quarterly Verification Phish Apr 12 2017 (current_events.rules)


[///]     Modified active rules:     [///]

  2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
  2015946 - ET CURRENT_EVENTS CrimeBoss - Setup (current_events.rules)
  2024197 - ET CURRENT_EVENTS SUSPICIOUS MSXMLHTTP DL of HTA (Observed in RTF 0-day ) (current_events.rules)
  2814578 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 2 (dns.rules)
  2814905 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 3 (dns.rules)
  2814906 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 4 (dns.rules)
  2815637 - ETPRO TROJAN Win32/Agent.XOA Checkin (APT-C-23) (trojan.rules)
  2821424 - ETPRO TROJAN Win32/Daserf CnC Beacon 1 (trojan.rules)
  2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>