[Emerging-updates] Daily Ruleset Update Summary 2017/02/21

Francis Trudeau ftrudeau at emergingthreats.net
Tue Feb 21 19:46:47 EST 2017


 [***] Summary: [***]

 1 new Open signature, 31 new Pro (1 + 30).  Gootkit, Magnitude EK,
JobCrypter, VARIOUS PHISHING.

 [+++]          Added rules:          [+++]

 Open:

  2024005 - ET TROJAN FakeM SSL DNS Lookup (islamhood .net) (trojan.rules)

 Pro:

  2825033 - ETPRO TROJAN Contopee-related CnC Beacon M1 (trojan.rules)
  2825034 - ETPRO TROJAN Contopee-related CnC Beacon M2 (trojan.rules)
  2825035 - ETPRO TROJAN Contopee-related CnC Beacon M3 (trojan.rules)
  2825036 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 17 2017 (current_events.rules)
  2825037 - ETPRO CURRENT_EVENTS Successful BNP Paribas (FR) Phish Feb 17 2017 (current_events.rules)
  2825038 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish Feb 17 2017 (current_events.rules)
  2825039 - ETPRO CURRENT_EVENTS Successful Credential Phish JS RePOST Feb 17 2017 (current_events.rules)
  2825040 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
  2825041 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
  2825042 - ETPRO TROJAN Malicious JScript SSL Certificate Detected (trojan.rules)
  2825043 - ETPRO CURRENT_EVENTS Magnitude EK Landing Feb 21 2017 M1 (current_events.rules)
  2825044 - ETPRO CURRENT_EVENTS Magnitude EK Landing Feb 21 2017 M2 (current_events.rules)
  2825045 - ETPRO MOBILE_MALWARE Android/SmsSpy.AS CnC Beacon 2 (mobile_malware.rules)
  2825046 - ETPRO MOBILE_MALWARE Android.Trojan.Iop.F Checkin (mobile_malware.rules)
  2825047 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenAds.BK Checkin (mobile_malware.rules)
  2825048 - ETPRO TROJAN FakeM Variant CnC Beacon (trojan.rules)
  2825049 - ETPRO CURRENT_EVENTS Successful Commerzbank (DE) Phish Feb 21 2017 (current_events.rules)
  2825050 - ETPRO CURRENT_EVENTS Successful Suncorp Bank Phish Feb 21 2017 (current_events.rules)
  2825051 - ETPRO CURRENT_EVENTS Successful Diamond Online Bank Phish Feb 21 2017 (current_events.rules)
  2825052 - ETPRO CURRENT_EVENTS Successful GMX (DE) Phish Feb 21 2017 (current_events.rules)
  2825053 - ETPRO CURRENT_EVENTS Successful Gmail Account Upgrade Phish Feb 21 2017 (current_events.rules)
  2825054 - ETPRO CURRENT_EVENTS Dropbox Shared Document Phishing Landing Feb 21 2017 (current_events.rules)
  2825055 - ETPRO CURRENT_EVENTS Successful Ebay Phish Feb 21 2017 (current_events.rules)
  2825056 - ETPRO CURRENT_EVENTS Successful Netflix (BR) Phish Feb 21 2017 (current_events.rules)
  2825057 - ETPRO CURRENT_EVENTS Successful Capital One Phish Feb 21 2017 (current_events.rules)
  2825058 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Feb 21 2017 (current_events.rules)
  2825059 - ETPRO CURRENT_EVENTS Successful US Bank Phish Feb 21 2017 (current_events.rules)
  2825060 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.san SMS Exfil via SMTP 2 (mobile_malware.rules)
  2825061 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.san SMS Exfil via SMTP 3 (mobile_malware.rules)
  2825062 - ETPRO TROJAN W32/JobCrypter V3.x Reporting Infection via SMTP (trojan.rules)


 [///]     Modified active rules:     [///]

  2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
  2815142 - ETPRO TROJAN Bergard Checkin 1 (trojan.rules)
  2816221 - ETPRO TROJAN W32/JobCrypter v1.x Reporting Infection via SMTP (trojan.rules)
  2823788 - ETPRO TROJAN DNSChanger Rogue DNS Server (A Lookup) (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2023997 - ET INFO Potentially unsafe SMBv1 protocol in use (info.rules)

