[Emerging-updates] Daily Ruleset Update Summary 2017/07/06

Travis Green tgreen at emergingthreats.net
Thu Jul 6 18:41:32 EDT 2017


[***]            Summary:            [***]

2 new Open, 33 new Pro (2 + 31). Dukey PUA, Various Phishing, Various Mobile.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

 2024297 - ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 (exploit.rules)
 2024430 - ET EXPLOIT Possible ETERNALBLUE Exploit M3 MS17-010 (exploit.rules)

Pro:

 2827005 - ETPRO TROJAN W32.DriverPack PUP Checkin (trojan.rules)
 2827006 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 169 (mobile_malware.rules)
 2827007 - ETPRO MALWARE Dukey PUA Checkin (malware.rules)
 2827008 - ETPRO TROJAN MSIL/TeleBot.Backdoor Beacon To CnC (trojan.rules)
 2827009 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP 3 (mobile_malware.rules)
 2827010 - ETPRO TROJAN Win32/Filecoder.FF Ransomware Domain in SNI (trojan.rules)
 2827011 - ETPRO TROJAN DNS Query to Cerber Domain (1ewuh5 . top) (trojan.rules)
 2827012 - ETPRO TROJAN DNS Query to Cerber Domain (1ltyev . top) (trojan.rules)
 2827013 - ETPRO TROJAN DNS Query to Cerber Domain (18dwag . top) (trojan.rules)
 2827014 - ETPRO TROJAN DNS Query to Cerber Domain (1jyrty . top) (trojan.rules)
 2827015 - ETPRO TROJAN DNS Query to Cerber Domain (1t2jhk . top) (trojan.rules)
 2827016 - ETPRO TROJAN DNS Query to Cerber Domain (18ggbf . top) (trojan.rules)
 2827017 - ETPRO TROJAN DNS Query to Cerber Domain (16umxg . top) (trojan.rules)
 2827018 - ETPRO TROJAN DNS Query to Cerber Domain (17ipn9 . top) (trojan.rules)
 2827019 - ETPRO TROJAN DNS Query to Cerber Domain (1cgbcv . top) (trojan.rules)
 2827020 - ETPRO TROJAN DNS Query to Cerber Domain (1gyvrz . top) (trojan.rules)
 2827021 - ETPRO TROJAN DNS Query to Cerber Domain (1e47tj . top) (trojan.rules)
 2827022 - ETPRO TROJAN DNS Query to Cerber Domain (1e1y8p . top) (trojan.rules)
 2827023 - ETPRO TROJAN DNS Query to Cerber Domain (1blery . top) (trojan.rules)
 2827024 - ETPRO TROJAN DNS Query to Cerber Domain (1kjhhf . top) (trojan.rules)
 2827025 - ETPRO TROJAN DNS Query to Cerber Domain (15ezkm . top) (trojan.rules)
 2827026 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS/Contact Exfil via SMTP (mobile_malware.rules)
 2827027 - ETPRO TROJAN Unknown CnC Beacon (trojan.rules)
 2827028 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic Contact Exfil via SMTP 5 (mobile_malware.rules)
 2827029 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS Exfil via SMTP 4 (mobile_malware.rules)
 2827030 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
 2827031 - ETPRO CURRENT_EVENTS Successful Chase Phish Jul 06 2017 (current_events.rules)
 2827032 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jul 06 2017 (current_events.rules)
 2827033 - ETPRO CURRENT_EVENTS Successful ING Phish Jul 06 2017 (current_events.rules)
 2827034 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 06 2017 (current_events.rules)
 2827035 - ETPRO CURRENT_EVENTS Successful CenturyLink Phish Jul 06 2017 (current_events.rules)


[///]     Modified active rules:     [///]

 2826866 - ETPRO TROJAN W32.Unknown Checkin (trojan.rules)
 2826880 - ETPRO MALWARE Win32/Packed.FlyStudio.AA CnC Beacon (malware.rules)


[---]         Removed rules:         [---]

 2024297 - ET CURRENT_EVENTS ETERNALBLUE Exploit M2 MS17-010 (current_events.rules)
 2024430 - ET CURRENT_EVENTS Possible ETERNALBLUE Exploit M3 MS17-010 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>