[Emerging-updates] Daily Ruleset Update Summary 2017/12/13

Travis Green tgreen at emergingthreats.net
Wed Dec 13 12:57:39 HST 2017


[***]            Summary:            [***]

2 new Open, 18 new Pro (2 + 16). Bot.Sezin, DarkKomet, Mera Keylogger,
Various Phishing, Various Mobile.

Thanks: Arvind Kumar


[+++]          Added rules:          [+++]

Open:

 2025147 - ET TROJAN Win32/Downloader.Small.BIL CnC Checkin (trojan.rules)
 2025148 - ET TROJAN Win32/Bot.Sezin CnC Checkin (trojan.rules)

Pro:

 2828875 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin 2 (mobile_malware.rules)
 2828876 - ETPRO TROJAN Win32/DarkKomet Host Reply 1 (flowbit set) (trojan.rules)
 2828877 - ETPRO TROJAN Win32/DarkKomet CnC Communicating with Infected Host (trojan.rules)
 2828878 - ETPRO MOBILE_MALWARE Android/DroidDream.D Checkin 2 (mobile_malware.rules)
 2828879 - ETPRO MOBILE_MALWARE Android/DroidDream.D Checkin 3 (mobile_malware.rules)
 2828880 - ETPRO MOBILE_MALWARE Android/DroidDream.D Checkin 4 (mobile_malware.rules)
 2828881 - ETPRO INFO Suspicious HEAD Request for Terse Filename from Doc (info.rules)
 2828882 - ETPRO INFO Suspicious GET Request for Terse Filename from Doc (info.rules)
 2828883 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 255 (mobile_malware.rules)
 2828884 - ETPRO TROJAN Mera Keylogger CnC Heartbeat (trojan.rules)
 2828885 - ETPRO TROJAN Mera Keylogger CnC DATA POST (trojan.rules)
 2828886 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-08 1) (trojan.rules)
 2828887 - ETPRO CURRENT_EVENTS Successful Facebook Account Recovery Phish 2017-12-13 (current_events.rules)
 2828888 - ETPRO CURRENT_EVENTS Successful Chase Phish 2017-12-13 (current_events.rules)
 2828889 - ETPRO CURRENT_EVENTS Successful Generic L33bo Phish - URI Contents (set) (current_events.rules)
 2828890 - ETPRO TROJAN SmartMiner Reporting Via GoogleAnalytics (trojan.rules)


[///]     Modified active rules:     [///]

 2828748 - ETPRO TROJAN Win32/DarkKomet Server Reply 1 (flowbit set) (trojan.rules)
 2828866 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2017-12-12 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>