[Emerging-updates] Daily Ruleset Update Summary 2017/02/02

Francis Trudeau ftrudeau at emergingthreats.net
Thu Feb 2 17:59:24 EST 2017


 [***] Summary: [***]

 12 new Open signatures, 31 new Pro (12 + 19).  VARIOUS PHISHING,
Cerber, GearInformer Keylogger.

 Thanks:  @rmkml and @MalwareKiwi

 [+++]          Added rules:          [+++]

 Open:

  2023819 - ET CURRENT_EVENTS Possible Discover Phishing Domain Feb 02 2017 (current_events.rules)
  2023820 - ET CURRENT_EVENTS Possible Successful Chase Phish Feb 02 2017 (current_events.rules)
  2023821 - ET CURRENT_EVENTS Possible Successful Apple Phishing Domain Feb 02 2017 (current_events.rules)
  2023822 - ET CURRENT_EVENTS Possible Successful USAA Phishing Domain Feb 02 2017 (current_events.rules)
  2023823 - ET CURRENT_EVENTS Possible Successful Paypal Phishing Domain Feb 02 2017 (current_events.rules)
  2023824 - ET CURRENT_EVENTS Possible Successful Bank of America Phishing Domain Feb 02 2017 (current_events.rules)
  2023825 - ET CURRENT_EVENTS Possible Successful Google Drive Phishing Domain Feb 02 2017 (current_events.rules)
  2023826 - ET CURRENT_EVENTS Possible Successful Cartasi Phishing Domain Feb 02 2017 (current_events.rules)
  2023827 - ET CURRENT_EVENTS Possible Successful Linkedin Phishing Domain Feb 02 2017 (current_events.rules)
  2023828 - ET CURRENT_EVENTS Possible Successful Ebay Phishing Domain Feb 02 2017 (current_events.rules)
  2023829 - ET CURRENT_EVENTS Possible Successful Discover Phish Feb 02 2017 (current_events.rules)
  2023830 - ET WEB_SPECIFIC_APPS Netgear WNR2000v5 Possible Serial Number Leak (web_specific_apps.rules)

 Pro:

  2824744 - ETPRO MOBILE_MALWARE Android.Trojan.AndroRAT.G Checkin (mobile_malware.rules)
  2824745 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw/SlemBunk/SLocker Checkin (mobile_malware.rules)
  2824746 - ETPRO TROJAN GearInformer Keylogger CnC Checkin (trojan.rules)
  2824747 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish Feb 02 2017 (current_events.rules)
  2824748 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish M1 Feb 02 2017 (current_events.rules)
  2824749 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish M2 Feb 02 2017 (current_events.rules)
  2824750 - ETPRO CURRENT_EVENTS Successful Discover Phish Feb 02 2017 (current_events.rules)
  2824751 - ETPRO TROJAN DNS Query to Cerber Domain (13gmvm . top) (trojan.rules)
  2824752 - ETPRO TROJAN DNS Query to Cerber Domain (bd7tlu . top) (trojan.rules)
  2824753 - ETPRO TROJAN DNS Query to Cerber Domain (gcwggs . top) (trojan.rules)
  2824754 - ETPRO TROJAN DNS Query to Cerber Domain (bxsn3z . top) (trojan.rules)
  2824755 - ETPRO TROJAN DNS Query to Cerber Domain (h82on2 . top) (trojan.rules)
  2824756 - ETPRO TROJAN DNS Query to Cerber Domain (kecz2c . top) (trojan.rules)
  2824757 - ETPRO TROJAN DNS Query to Cerber Domain (zk95b8 . bid) (trojan.rules)
  2824758 - ETPRO TROJAN DNS Query to Cerber Domain (ibar8s . top) (trojan.rules)
  2824759 - ETPRO TROJAN DNS Query to Cerber Domain (g0lpn5 . bid) (trojan.rules)
  2824760 - ETPRO TROJAN DNS Query to Cerber Domain (twyjdx . bid) (trojan.rules)
  2824761 - ETPRO TROJAN Unknown CoinMiner CnC Activity (trojan.rules)
  2824763 - ETPRO POLICY LabTech Remote Control Session Activity (policy.rules)


 [///]     Modified active rules:     [///]

  2022271 - ET INFO SUSPICIOUS Possible Evil Download wsf Double Ext No Referer (info.rules)
  2808044 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ao / Cardbuyer Checkin 2 (mobile_malware.rules)
  2823334 - ETPRO TROJAN Nanocore Checkin Pattern (set) 1 (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2802993 - ETPRO WEB_CLIENT Microsoft Excel Excel Improper Record Parsing Vulnerability Flowbit SET (web_client.rules)
  2815804 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M1 (current_events.rules)
  2815805 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M2 (current_events.rules)
  2815806 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M3 (current_events.rules)
  2816337 - ETPRO CURRENT_EVENTS Angler EK Slight Feb 19 Primer M1 (current_events.rules)

