[Emerging-updates] Daily Ruleset Update Summary 2017/04/14

Travis Green tgreen at emergingthreats.net
Fri Apr 14 16:49:03 EDT 2017


[***]            Summary:            [***]

3 new Open, 38 new Pro (3 + 35). Various Phishing,
Trojan-Banker.AndroidOS.Asacub.a

Thanks: @demonslay335

[+++]          Added rules:          [+++]

Open:

 2012118 - ET INFO http string in hex Possible Obfuscated Exploit Redirect
(info.rules)
 2013436 - ET INFO Redirection to driveby Page Home index.php (info.rules)
 2024205 - ET TROJAN Win32/Cradle Ransomware Onion Domain (trojan.rules)

Pro:

 2825955 - ETPRO TROJAN DNS Query to Cerber Domain (1npg9s . top)
(trojan.rules)
 2825956 - ETPRO TROJAN DNS Query to Cerber Domain (1nhkou . top)
(trojan.rules)
 2825957 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-13 1) (trojan.rules)
 2825958 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-13 2) (trojan.rules)
 2825959 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-13 3) (trojan.rules)
 2825960 - ETPRO CURRENT_EVENTS Successful Blockchain Phish Apr 13 2017
(current_events.rules)
 2825961 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
 2825962 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 14 2017
(current_events.rules)
 2825963 - ETPRO CURRENT_EVENTS Successful Caixa Bank (BR) Phish Apr 14
2017 (current_events.rules)
 2825964 - ETPRO CURRENT_EVENTS Successful Fedex Phish Apr 14 2017
(current_events.rules)
 2825965 - ETPRO CURRENT_EVENTS Secure Download Phishing Landing Apr 14
2017 (current_events.rules)
 2825966 - ETPRO CURRENT_EVENTS Successful Apple Phish Apr 14 2017
(current_events.rules)
 2825967 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 55
(mobile_malware.rules)
 2825968 - ETPRO CURRENT_EVENTS Successful Admin Server Portal Phish Apr 14
2017 (current_events.rules)
 2825969 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 56
(mobile_malware.rules)
 2825970 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 57
(mobile_malware.rules)
 2825971 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 58
(mobile_malware.rules)
 2825972 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 59
(mobile_malware.rules)
 2825973 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 60
(mobile_malware.rules)
 2825974 - ETPRO CURRENT_EVENTS Successful Instagram Phish Apr 14 2017
(current_events.rules)
 2825975 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 61
(mobile_malware.rules)
 2825976 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 62
(mobile_malware.rules)
 2825977 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 63
(mobile_malware.rules)
 2825978 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 64
(mobile_malware.rules)
 2825979 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 65
(mobile_malware.rules)
 2825980 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 66
(mobile_malware.rules)
 2825981 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 67
(mobile_malware.rules)
 2825982 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 68
(mobile_malware.rules)
 2825983 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 69
(mobile_malware.rules)
 2825984 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 70
(mobile_malware.rules)
 2825985 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 71
(mobile_malware.rules)
 2825986 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 72
(mobile_malware.rules)
 2825987 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 73
(mobile_malware.rules)
 2825988 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 74
(mobile_malware.rules)
 2825989 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 75
(mobile_malware.rules)


[///]     Modified active rules:     [///]

 2023612 - ET TROJAN Ransomware/Cerber Checkin M3 (1) (trojan.rules)
 2023613 - ET TROJAN Ransomware/Cerber Checkin M3 (2) (trojan.rules)
 2023614 - ET TROJAN Ransomware/Cerber Checkin M3 (3) (trojan.rules)
 2023615 - ET TROJAN Ransomware/Cerber Checkin M3 (4) (trojan.rules)
 2023616 - ET TROJAN Ransomware/Cerber Checkin M3 (5) (trojan.rules)
 2023617 - ET TROJAN Ransomware/Cerber Checkin M3 (6) (trojan.rules)
 2023618 - ET TROJAN Ransomware/Cerber Checkin M3 (7) (trojan.rules)
 2023619 - ET TROJAN Ransomware/Cerber Checkin M3 (8) (trojan.rules)
 2023620 - ET TROJAN Ransomware/Cerber Checkin M3 (9) (trojan.rules)
 2023621 - ET TROJAN Ransomware/Cerber Checkin M3 (10) (trojan.rules)
 2023622 - ET TROJAN Ransomware/Cerber Checkin M3 (11) (trojan.rules)
 2023623 - ET TROJAN Ransomware/Cerber Checkin M3 (12) (trojan.rules)
 2023624 - ET TROJAN Ransomware/Cerber Checkin M3 (13) (trojan.rules)
 2023625 - ET TROJAN Ransomware/Cerber Checkin M3 (14) (trojan.rules)
 2023626 - ET TROJAN Ransomware/Cerber Checkin M3 (15) (trojan.rules)
 2023627 - ET TROJAN Ransomware/Cerber Checkin M3 (16) (trojan.rules)
 2824707 - ETPRO TROJAN Possible CobaltStrike CnC Beacon (Fake Safe
Browsing) (trojan.rules)
 2825619 - ETPRO TROJAN PyCL/Fatboy Python Ransomware CnC Checkin
(trojan.rules)
 2825620 - ETPRO TROJAN PyCL/Fatboy Python Ransomware CnC Activity
(trojan.rules)
 2825625 - ETPRO TROJAN PyCL/Fatboy Python Ransomware CnC Activity M2
(trojan.rules)
 2825929 - ETPRO TROJAN MSIL/Remcos RAT CnC Checkin (trojan.rules)
 2825930 - ETPRO TROJAN MSIL/Remcos RAT CnC Keep-Alive (Inbound)
(trojan.rules)
 2825931 - ETPRO TROJAN MSIL/Remcos RAT CnC Keep-Alive (Outbound)
(trojan.rules)
 2825932 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Init Screenshot
(trojan.rules)
 2825933 - ETPRO TROJAN MSIL/Remcos RAT CnC Sending Init Screenshot
(trojan.rules)
 2825934 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Screenshot
(trojan.rules)
 2825935 - ETPRO TROJAN MSIL/Remcos RAT CnC Sending Screenshot
(trojan.rules)
 2825936 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Uninstall
(trojan.rules)
 2825945 - ETPRO CURRENT_EVENTS Successful Impots. gouv. fr Phish Apr 13
2017 (current_events.rules)


[---]         Removed rules:         [---]

 2012118 - ET CURRENT_EVENTS http string in hex Likely Obfuscated Exploit
Redirect (current_events.rules)
 2013436 - ET CURRENT_EVENTS Redirection to driveby Page Home index.php
(current_events.rules)
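Added example, not part of the original post and not Emerging Threats tooling: a small Python parser for this summary layout. It assumes only what is visible above (the "[+++] Added rules: [+++]" style banners, the "Open:"/"Pro:" sub-headers, and entries of the form " <sid> - <msg> (<file>.rules)" that the list archive may wrap onto a second line) and cross-references the Removed and Added sections, so a SID that appears in both is reported as a file/category move rather than a real removal. The embedded SAMPLE is an excerpt of this summary with the archive's line wrapping preserved.

```python
# Added example (not from the original post or the Emerging Threats project):
# parse a daily ruleset summary in the layout shown above and flag SIDs that
# appear under both Removed and Added, i.e. rules moved to another file.
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

BANNER_RE = re.compile(r"^\[(?:\+\+\+|///|---)\]\s+(Added|Modified active|Removed) rules:")
ENTRY_START_RE = re.compile(r"^\d{7}\s+-\s")
ENTRY_RE = re.compile(r"^(?P<sid>\d{7})\s+-\s+(?P<msg>.+?)\s+\((?P<file>[\w.-]+\.rules)\)$")
TIERS = {"Open:": "open", "Pro:": "pro"}


@dataclass(frozen=True)
class RuleEntry:
    section: str   # "added", "modified" or "removed"
    tier: str      # "open", "pro", or "" where the section has no sub-header
    sid: int
    msg: str       # rule message, e.g. "ET INFO http string in hex ..."
    rulefile: str  # e.g. "info.rules"

    @property
    def category(self) -> str:
        return self.msg.split()[1]  # "ET <CAT> ..." / "ETPRO <CAT> ..."


def _unwrap(lines) -> List[str]:
    """Strip whitespace, drop blank lines, and re-join entries that the list
    archive wrapped: a non-blank line that starts no banner, tier header or
    entry is glued onto the preceding entry line."""
    out: List[str] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        starts_unit = ENTRY_START_RE.match(line) or BANNER_RE.match(line) or line in TIERS
        if not starts_unit and out and ENTRY_START_RE.match(out[-1]):
            out[-1] += " " + line
        else:
            out.append(line)
    return out


def parse_summary(text: str) -> List[RuleEntry]:
    entries: List[RuleEntry] = []
    section = tier = ""
    for line in _unwrap(text.splitlines()):
        m = BANNER_RE.match(line)
        if m:
            section = m.group(1).split()[0].lower()  # added / modified / removed
            tier = ""
            continue
        if line in TIERS:
            tier = TIERS[line]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append(RuleEntry(section, tier, int(m["sid"]), m["msg"], m["file"]))
    return entries


def find_moves(entries: List[RuleEntry]) -> Dict[int, Tuple[RuleEntry, RuleEntry]]:
    """SIDs under both Removed and Added: the rule still exists, it changed
    file (and usually category), so file- or category-keyed tuning must follow."""
    removed = {e.sid: e for e in entries if e.section == "removed"}
    added = {e.sid: e for e in entries if e.section == "added"}
    return {sid: (removed[sid], added[sid]) for sid in sorted(removed.keys() & added.keys())}


def count_by_section(entries: List[RuleEntry]) -> Dict[Tuple[str, ...], int]:
    """Counts per (section[, tier]), to check against the 'N new Open, M new Pro' line."""
    counts: Dict[Tuple[str, ...], int] = {}
    for e in entries:
        key = (e.section, e.tier) if e.tier else (e.section,)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample: an excerpt of the summary above, keeping the archive's
# line wrapping so the unwrap logic is exercised.
SAMPLE = """\
[+++]          Added rules:          [+++]

Open:

 2012118 - ET INFO http string in hex Possible Obfuscated Exploit Redirect
(info.rules)

Pro:

 2825963 - ETPRO CURRENT_EVENTS Successful Caixa Bank (BR) Phish Apr 14
2017 (current_events.rules)

[///]     Modified active rules:     [///]

 2824707 - ETPRO TROJAN Possible CobaltStrike CnC Beacon (Fake Safe
Browsing) (trojan.rules)

[---]         Removed rules:         [---]

 2012118 - ET CURRENT_EVENTS http string in hex Likely Obfuscated Exploit
Redirect (current_events.rules)
"""

if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    print(count_by_section(parsed))
    for sid, (old, new) in find_moves(parsed).items():
        print(f"{sid}: {old.rulefile} [{old.category}] -> {new.rulefile} [{new.category}]")
```

Run over the full summary above instead of SAMPLE, it counts 3 added/open, 35 added/pro, 29 modified and 2 removed, and flags both 2012118 and 2013436 as moves from current_events.rules to info.rules (the Open count at the top of the summary counts those two as new). That distinction is what matters if you keep Suricata/Snort tuning keyed by rule file or by the ET category in the message: SID-keyed disable lists keep working, but anything that enables or disables whole files or categories now treats these two rules differently.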


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>