[Emerging-updates] Daily Ruleset Update Summary 2017/12/26

Travis Green tgreen at emergingthreats.net
Tue Dec 26 13:56:55 HST 2017


[***]            Summary:            [***]

1 new Open, 15 new Pro (1 + 14). MSIL/MinerLoader, Win32/Genasep.A,
MSIL/Elm0d RAT, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025173 - ET CURRENT_EVENTS Paypal Phishing Landing 2017-12-26
(current_events.rules)

Pro:

 2829060 - ETPRO TROJAN Win32/Genasep.A CnC Activity (trojan.rules)
 2829061 - ETPRO CURRENT_EVENTS Successful Apple Phish 2017-12-22
(current_events.rules)
 2829062 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
 2829063 - ETPRO TROJAN MSIL/MinerLoader CnC Checkin (trojan.rules)
 2829064 - ETPRO TROJAN MSIL/MinerLoader CnC Keep-Alive (trojan.rules)
 2829065 - ETPRO TROJAN XtremeRAT Checkin (trojan.rules)
 2829066 - ETPRO TROJAN Observed Request for xmr.exe in - Coinminer
Download (trojan.rules)
 2829067 - ETPRO TROJAN XtremeRAT/Xtrat/Xrat CnC M1 (trojan.rules)
 2829068 - ETPRO TROJAN MSIL/Elm0d RAT CnC Activity (trojan.rules)
 2829069 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2017-12-26
(current_events.rules)
 2829070 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-26
(current_events.rules)
 2829071 - ETPRO CURRENT_EVENTS Apple Phishing Landing (Captcha Check)
2017-12-26 (current_events.rules)
 2829072 - ETPRO CURRENT_EVENTS Successful Apple Phish 2017-12-26
(current_events.rules)
 2829073 - ETPRO POLICY External IP Lookup Domain (iplogger .ru in DNS
lookup) (policy.rules)


[///]     Modified active rules:     [///]

 2809038 - ETPRO MALWARE PUP Win32/SpeedingUpMyPC Checkin (malware.rules)
 2829038 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(NDF5eWJUWEZnYk...) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>