[Emerging-updates] Daily Ruleset Update Summary 2017/02/01

Francis Trudeau ftrudeau at emergingthreats.net
Wed Feb 1 18:38:46 EST 2017


 [***] Summary: [***]

 1 new Open signature, 19 new Pro (1 + 18).  Unk Keylogger, Satan Ransomware, Retefe Banker.

 [+++]          Added rules:          [+++]

  2023818 - ET INFO Windows Update/Microsoft FP Flowbit (info.rules)

 Pro:

  2824723 - ETPRO CURRENT_EVENTS Successful Discover Phish M1 Jan 31 2017 (current_events.rules)
  2824724 - ETPRO CURRENT_EVENTS Successful Discover Phish M2 Jan 31 2017 (current_events.rules)
  2824725 - ETPRO CURRENT_EVENTS Successful Discover Phish M3 Jan 31 2017 (current_events.rules)
  2824726 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Update Phish Jan 31 2017 (current_events.rules)
  2824727 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Jan 31 2017 (current_events.rules)
  2824728 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Jan 31 2017 (current_events.rules)
  2824729 - ETPRO TROJAN MSIL/Unk.Keylogger Checkin via SMTP (trojan.rules)
  2824730 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.NE Checkin (mobile_malware.rules)
  2824731 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.NE DNS Lookup (mobile_malware.rules)
  2824734 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824735 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824736 - ETPRO TROJAN Retefe Banker .onion Domain (trojan.rules)
  2824737 - ETPRO TROJAN W32.Dorma Variant Downloader Checkin (trojan.rules)
  2824738 - ETPRO TROJAN W32.Dorma Variant Executable Request (trojan.rules)
  2824739 - ETPRO TROJAN W32.Dorma Variant Downloaded (trojan.rules)
  2824740 - ETPRO WEB_SERVER Possible WP REST API Type Juggling Vuln Exploit Attempt (web_server.rules)
  2824741 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup (mobile_malware.rules)
  2824742 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2018959 - ET POLICY PE EXE or DLL Windows file download HTTP (policy.rules)
  2019378 - ET TROJAN Gozi Checkin (trojan.rules)
  2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 (current_events.rules)
  2820364 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish May 26 (current_events.rules)
  2820803 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jun 22 (current_events.rules)
  2821753 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Aug 16 2016 (current_events.rules)
  2822483 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Oct 07 2016 (current_events.rules)
  2823782 - ETPRO CURRENT_EVENTS Successful Chase Phishing Dec 12 2016 (current_events.rules)
  2824722 - ETPRO CURRENT_EVENTS EITest SocEng Successful Inject HTTP Request Jan 15 2017 M1 (current_events.rules)


 [///]    Modified inactive rules:    [///]

  2001979 - ET POLICY SSH Server Banner Detected on Unusual Port (policy.rules)
  2800694 - ETPRO EXPLOIT Microsoft Excel Embedded Shockwave Flash Object Code Execution (exploit.rules)


 [---]  Disabled and modified rules:  [---]

  2019343 - ET CURRENT_EVENTS FAKEIE 11.0 Minimal Headers (flowbit set) (current_events.rules)
  2019344 - ET CURRENT_EVENTS FAKEIE Minimal Headers (flowbit set) (current_events.rules)
  2023197 - ET USER_AGENTS Microsoft Edge on Windows 10 SET (user_agents.rules)


 [---]         Removed rules:         [---]

  2819896 - ETPRO CURRENT_EVENTS Successful Zoom Phish Apr 21 (current_events.rules)
  2820612 - ETPRO CURRENT_EVENTS Successful Webmail Credential Phish Jun 14 M1 (current_events.rules)

