[Emerging-updates] Daily Ruleset Update Summary 2017/04/13

Travis Green tgreen at emergingthreats.net
Thu Apr 13 17:04:38 EDT 2017


[***]            Summary:            [***]

1 new Open, 35 new Pro (1 + 34). Hidden-Tear Variant Ransomware, Various
Phishing, Various Android


[+++]          Added rules:          [+++]

Open:

 2024204 - ET TROJAN MSIL/Hidden-Tear Variant Ransomware CnC Checkin (trojan.rules)

Pro:

 2825921 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 12 2017 (current_events.rules)
 2825922 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 12 2017 (current_events.rules)
 2825923 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FY CnC Beacon (mobile_malware.rules)
 2825924 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FY CnC Beacon 2 (mobile_malware.rules)
 2825925 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FY CnC Beacon 3 (mobile_malware.rules)
 2825926 - ETPRO TROJAN Callisto RCS CnC Beacon 1 (trojan.rules)
 2825927 - ETPRO TROJAN RCS Variant CnC Beacon (trojan.rules)
 2825928 - ETPRO MOBILE_MALWARE PUA Android/SMSreg.UX CnC Beacon (mobile_malware.rules)
 2825929 - ETPRO TROJAN MSIL/Remcos RAT CnC Checkin (trojan.rules)
 2825930 - ETPRO TROJAN MSIL/Remcos RAT CnC Keep-Alive (Inbound) (trojan.rules)
 2825931 - ETPRO TROJAN MSIL/Remcos RAT CnC Keep-Alive (Outbound) (trojan.rules)
 2825932 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Init Screenshot (trojan.rules)
 2825933 - ETPRO TROJAN MSIL/Remcos RAT CnC Sending Init Screenshot (trojan.rules)
 2825934 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Screenshot (trojan.rules)
 2825935 - ETPRO TROJAN MSIL/Remcos RAT CnC Sending Screenshot (trojan.rules)
 2825936 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Uninstall (trojan.rules)
 2825937 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Apr 13 2017 (current_events.rules)
 2825938 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Apr 13 2017 (current_events.rules)
 2825939 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Apr 13 2017 (current_events.rules)
 2825940 - ETPRO CURRENT_EVENTS Successful Amazon Phish M1 Apr 13 2017 (current_events.rules)
 2825941 - ETPRO CURRENT_EVENTS Successful Amazon Phish M2 Apr 13 2017 (current_events.rules)
 2825942 - ETPRO CURRENT_EVENTS Successful Fortuneo Banque (FR) Phish Apr 13 2017 (current_events.rules)
 2825943 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
 2825944 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
 2825945 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Apr 13 2017 (current_events.rules)
 2825946 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 46 (mobile_malware.rules)
 2825947 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 47 (mobile_malware.rules)
 2825948 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 48 (mobile_malware.rules)
 2825949 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 49 (mobile_malware.rules)
 2825950 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 50 (mobile_malware.rules)
 2825951 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 51 (mobile_malware.rules)
 2825952 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 52 (mobile_malware.rules)
 2825953 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 53 (mobile_malware.rules)
 2825954 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 54 (mobile_malware.rules)


[///]     Modified active rules:     [///]

 2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
 2023335 - ET TROJAN Nuke Ransomware Checkin (trojan.rules)
 2808718 - ETPRO TROJAN Backdoor.Win32/Turla.A Checkin (trojan.rules)
 2824707 - ETPRO TROJAN Possible CobaltStrike CnC Beacon (Fake Safe Browsing) (trojan.rules)
 2825898 - ETPRO TROJAN Win32.APosT.em DocStealer Retrieving Plugin (trojan.rules)


[---]         Disabled rules:        [---]

 2820603 - ETPRO EXPLOIT Possible CVE-2016-3218 Executable Inbound (exploit.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>