[Emerging-updates] [Emerging-Sigs] Daily Ruleset Update Summary 2017/04/12

Jack Mott jmott at emergingthreats.net
Wed Apr 12 19:14:51 EDT 2017


Additional thanks for the contributions of Russell Fulton, Chad Smith,
and Kevin Ross.

Best,

Jack

On Wed, Apr 12, 2017 at 5:06 PM, Travis Green
<tgreen at emergingthreats.net> wrote:
> [***]            Summary:            [***]
>
> 1 new Open, 24 new Pro (1 + 23). Mole Ransomware, Various Phishing, Various Android
>
> Thanks: @rmkml
>
> [+++]          Added rules:          [+++]
>
> Open:
>
>   2024203 - ET TROJAN Win32/Mole Ransomware CnC Beacon (trojan.rules)
>
> Pro:
>
>   2825898 - ETPRO TROJAN Win32.APosT.em DocStealer Retrieving Plugin (trojan.rules)
>   2825899 - ETPRO TROJAN MSIL/Unk.PWSDL Initial CnC Checkin (trojan.rules)
>   2825900 - ETPRO TROJAN MSIL/Unk.PWSDL Main CnC Checkin (trojan.rules)
>   2825901 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 34 (mobile_malware.rules)
>   2825902 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 35 (mobile_malware.rules)
>   2825903 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 36 (mobile_malware.rules)
>   2825904 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 37 (mobile_malware.rules)
>   2825905 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 38 (mobile_malware.rules)
>   2825906 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 40 (mobile_malware.rules)
>   2825907 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 41 (mobile_malware.rules)
>   2825908 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 42 (mobile_malware.rules)
>   2825909 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 43 (mobile_malware.rules)
>   2825910 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 44 (mobile_malware.rules)
>   2825911 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 45 (mobile_malware.rules)
>   2825912 - ETPRO MALWARE Unknown Downloader Retrieving URL List (malware.rules)
>   2825913 - ETPRO TROJAN Unknown Downloader Request (trojan.rules)
>   2825914 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 12 2017 (current_events.rules)
>   2825915 - ETPRO CURRENT_EVENTS Successful Facebook Payment Update Phish Apr 12 2017 (current_events.rules)
>   2825916 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 11 2017 (current_events.rules)
>   2825917 - ETPRO CURRENT_EVENTS Successful Restore Missing Messages Phish Apr 12 2017 (current_events.rules)
>   2825918 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fyec.bps CnC Beacon (mobile_malware.rules)
>   2825919 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish Apr 12 2017 (current_events.rules)
>   2825920 - ETPRO CURRENT_EVENTS Successful Administrator Quarterly Verification Phish Apr 12 2017 (current_events.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
>   2015946 - ET CURRENT_EVENTS CrimeBoss - Setup (current_events.rules)
>   2024197 - ET CURRENT_EVENTS SUSPICIOUS MSXMLHTTP DL of HTA (Observed in RTF 0-day ) (current_events.rules)
>   2814578 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 2 (dns.rules)
>   2814905 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 3 (dns.rules)
>   2814906 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 4 (dns.rules)
>   2815637 - ETPRO TROJAN Win32/Agent.XOA Checkin (APT-C-23) (trojan.rules)
>   2821424 - ETPRO TROJAN Win32/Daserf CnC Beacon 1 (trojan.rules)
>   2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
>
>
> --
> PGP: 0xBED7B297
>