[Emerging-updates] Daily Ruleset Update Summary 2017/12/19

Travis Green tgreen at emergingthreats.net
Tue Dec 19 13:14:31 HST 2017


[***]            Summary:            [***]

1 new Open, 24 new Pro (1 + 23). SmokeLoader encrypted module, Various
Mobile, Various Phishing.

Thanks: @AttackDetection


[+++]          Added rules:          [+++]

Open:

 2025155 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC) (trojan.rules)

Pro:

 2828972 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-18 1) (trojan.rules)
 2828973 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-18 2) (trojan.rules)
 2828974 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-18 3) (trojan.rules)
 2828975 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-18 4) (trojan.rules)
 2828976 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-18 5) (trojan.rules)
 2828977 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-18 6) (trojan.rules)
 2828978 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-18 7) (trojan.rules)
 2828979 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-18 8) (trojan.rules)
 2828980 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-18 9) (trojan.rules)
 2828981 - ETPRO CURRENT_EVENTS Successful Microsoft Live Account Verification Phish 2017-12-19 (current_events.rules)
 2828982 - ETPRO CURRENT_EVENTS Successful Santander Phish 2017-12-19 M1 (current_events.rules)
 2828983 - ETPRO CURRENT_EVENTS Successful Santander Phish 2017-12-19 M2 (current_events.rules)
 2828984 - ETPRO CURRENT_EVENTS Successful Microsoft Document Management System Phish 2017-12-19 M1 (current_events.rules)
 2828985 - ETPRO CURRENT_EVENTS Successful Microsoft Document Management System Phish 2017-12-19 M2 (current_events.rules)
 2828986 - ETPRO TROJAN SmokeLoader encrypted module (2) (trojan.rules)
 2828987 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2017-12-19 (current_events.rules)
 2828988 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 258 (mobile_malware.rules)
 2828989 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2017-12-19 (current_events.rules)
 2828990 - ETPRO CURRENT_EVENTS Successful Google Mail Account Update Phish 2017-12-19 (current_events.rules)
 2828991 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-19 (current_events.rules)
 2828992 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact/SMS Exfil via SMTP 35 (mobile_malware.rules)
 2828993 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact/SMS Exfil via SMTP 36 (mobile_malware.rules)
 2828994 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2017-12-19 (current_events.rules)


[///]     Modified active rules:     [///]

 2827759 - ETPRO TROJAN Win32/Spy.Qukart Activity (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>