[Emerging-updates] Daily Ruleset Update Summary 2017/12/05

Travis Green tgreen at emergingthreats.net
Tue Dec 5 12:37:57 HST 2017


[***]            Summary:            [***]

4 new Open, 18 new Pro (4 + 14). SluttyPutty UA, Smoke Loader Update,
Reaver C2, Various Phishing, Various Mobile.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

 2025118 - ET TROJAN Observed SluttyPutty Maldoc User-Agent (trojan.rules)
 2025119 - ET TROJAN Sharik/Smoke CnC Beacon 7 (trojan.rules)
 2025120 - ET TROJAN Possible Sharik/Smoke Loader Microsoft Connectivity check (trojan.rules)
 2025121 - ET TROJAN MewsSpy.AE Onion Domain (cxkefbwo7qcmlelb in DNS Lookup) (trojan.rules)

Pro:

 2828789 - ETPRO TROJAN Reaver C2 Checkin Command (trojan.rules)
 2828790 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.gen CnC Beacon (mobile_malware.rules)
 2828791 - ETPRO MOBILE_MALWARE Android/Guerrilla.AM Checkin (mobile_malware.rules)
 2828792 - ETPRO MOBILE_MALWARE Android/SMForw.RA SMS Exfil via SMTP (mobile_malware.rules)
 2828793 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Reporting Infection via SMTP (mobile_malware.rules)
 2828794 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.kj Contact Exfil via SMTP (mobile_malware.rules)
 2828795 - ETPRO TROJAN Observed Malicious SSL Cert (Likely Pentester CnC) (trojan.rules)
 2828796 - ETPRO TROJAN Molerats/GazaHacker Checkin M2 (trojan.rules)
 2828797 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-05 1) (trojan.rules)
 2828798 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-05 2) (trojan.rules)
 2828799 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-05 3) (trojan.rules)
 2828800 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-05 4) (trojan.rules)
 2828801 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-05 5) (trojan.rules)
 2828802 - ETPRO CURRENT_EVENTS Successful Chase Phish 2017-12-05 (current_events.rules)


[///]     Modified active rules:     [///]

 2017060 - ET EXPLOIT SolusVM 1.13.03 SQL injection (exploit.rules)


[---]         Removed rules:         [---]

 2814971 - ETPRO TROJAN Liudoor Handshake Init (trojan.rules)
 2814972 - ETPRO TROJAN Liudoor Handshake Successful (trojan.rules)
 2814973 - ETPRO TROJAN Liudoor Sending Shell (trojan.rules)
 2814974 - ETPRO TROJAN Liudoor Handshake Failed (trojan.rules)
 2821585 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Congur.al Checkin (mobile_malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>
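Added example, not part of this post and not Emerging Threats' own tooling: a small Python parser for the summary format above. It re-joins entries that the list archive wrapped across lines, labels each SID by section (added, modified, removed) and tier (ET open versus ETPRO), reconciles the headline count with what the Added section actually lists, and pulls out the removed SIDs so stale local disable/modify overrides can be pruned. The sample text is constructed from this post (the full Added section plus two Removed entries, wrapped as the archive shows them). The reading of "18 new Pro (4 + 14)" as "Pro subscribers receive the 4 Open rules plus 14 ETPRO-only rules" is an assumption drawn from that arithmetic, not something the post states.

```python
# Added example (not Emerging Threats code): parse a daily ruleset update
# summary into SID records and reconcile its headline counts.
import re
from collections import namedtuple

Rule = namedtuple("Rule", "sid msg rules_file section tier")
SECTIONS = {"+++": "added", "///": "modified", "---": "removed"}
SECTION_RE = re.compile(r"^\[(\+\+\+|///|---)\]")
ENTRY_START = re.compile(r"^(\d{7}) - (.*)$")
ENTRY_FULL = re.compile(r"^((?:ET|ETPRO) .*) \((\S+\.rules)\)$")
HEADLINE_RE = re.compile(r"(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)")

# Constructed sample: excerpt of the 2017/12/05 post as the archive wraps it.
SAMPLE = """\
4 new Open, 18 new Pro (4 + 14).
[+++]          Added rules:          [+++]
Open:
 2025118 - ET TROJAN Observed SluttyPutty Maldoc User-Agent (trojan.rules)
 2025119 - ET TROJAN Sharik/Smoke CnC Beacon 7 (trojan.rules)
 2025120 - ET TROJAN Possible Sharik/Smoke Loader Microsoft Connectivity
check (trojan.rules)
 2025121 - ET TROJAN MewsSpy.AE Onion Domain (cxkefbwo7qcmlelb in DNS
Lookup) (trojan.rules)
Pro:
 2828789 - ETPRO TROJAN Reaver C2 Checkin Command (trojan.rules)
 2828790 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.gen CnC
Beacon (mobile_malware.rules)
 2828791 - ETPRO MOBILE_MALWARE Android/Guerrilla.AM Checkin
(mobile_malware.rules)
 2828792 - ETPRO MOBILE_MALWARE Android/SMForw.RA SMS Exfil via SMTP
(mobile_malware.rules)
 2828793 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Reporting
Infection via SMTP (mobile_malware.rules)
 2828794 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.kj Contact
Exfil via SMTP (mobile_malware.rules)
 2828795 - ETPRO TROJAN Observed Malicious SSL Cert (Likely Pentester CnC)
(trojan.rules)
 2828796 - ETPRO TROJAN Molerats/GazaHacker Checkin M2 (trojan.rules)
 2828797 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-05 1) (trojan.rules)
 2828798 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-05 2) (trojan.rules)
 2828799 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-05 3) (trojan.rules)
 2828800 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-05 4) (trojan.rules)
 2828801 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-05 5) (trojan.rules)
 2828802 - ETPRO CURRENT_EVENTS Successful Chase Phish 2017-12-05
(current_events.rules)
[---]         Removed rules:         [---]
 2814971 - ETPRO TROJAN Liudoor Handshake Init (trojan.rules)
 2821585 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Congur.al Checkin
(mobile_malware.rules)
"""


def parse_summary(text):
    """Rules listed under Added/Modified/Removed, wrapped entries re-joined."""
    rules, section, current = [], None, None

    def flush():
        nonlocal current
        if current is None:
            return
        sid, body = current
        m = ENTRY_FULL.match(body)
        if not m:  # an entry started but never reached its '(file.rules)'
            raise ValueError(f"malformed entry for SID {sid}: {body!r}")
        tier = "pro" if m.group(1).startswith("ETPRO ") else "open"
        rules.append(Rule(sid, m.group(1), m.group(2), section, tier))
        current = None

    for line in (raw.strip() for raw in text.splitlines()):
        if hdr := SECTION_RE.match(line):
            flush()
            section = SECTIONS[hdr.group(1)]
        elif not line or section is None or line in ("Open:", "Pro:"):
            continue  # blank line, headline prose, or tier label
        elif start := ENTRY_START.match(line):
            flush()
            current = (int(start.group(1)), start.group(2))
        elif current is not None:  # continuation of a wrapped entry
            current = (current[0], current[1] + " " + line)
    flush()
    return rules


def reconcile(text):
    """Assumed reading of '<o> new Open, <p> new Pro (<o> + <n>)': Pro also
    gets the Open rules, so p = o + n and the list holds o ET / n ETPRO SIDs."""
    m = HEADLINE_RE.search(text)
    if not m:
        raise ValueError("headline count not found")
    n_open, n_pro, shared, pro_only = map(int, m.groups())
    added = [r for r in parse_summary(text) if r.section == "added"]
    listed = (sum(r.tier == "open" for r in added), sum(r.tier == "pro" for r in added))
    ok = listed == (n_open, pro_only) and n_open == shared and n_pro == shared + pro_only
    return {"headline": (n_open, n_pro), "listed": listed, "ok": ok}


def removed_sids(text):
    """SIDs retired upstream: prune them from local disable/modify overrides."""
    return sorted(r.sid for r in parse_summary(text) if r.section == "removed")
```

Run against the real post body, `reconcile` flags a summary whose headline and list disagree (a sign that an entry was dropped or mis-wrapped in transit), and `removed_sids` gives the SIDs to delete from a local disable or modify list before the next rule pull.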