[Emerging-updates] Daily Ruleset Update Summary 2017/07/13

Travis Green tgreen at emergingthreats.net
Thu Jul 13 17:35:43 EDT 2017


[***]            Summary:            [***]

5 new Open, 21 new Pro (5 + 16). Striked Ransomware, LockPOS SSL, APT28
Uploader DNS, Various Phishing, Various Mobile.


[+++]          Added rules:          [+++]

Open:

 2024462 - ET CURRENT_EVENTS Successful Netflix Payment Phish M1 Jan 04 2017 (current_events.rules)
 2024463 - ET CURRENT_EVENTS Successful Generic 107 Phish Jul 13 2017 (current_events.rules)
 2024464 - ET CURRENT_EVENTS DNS Query to Generic 107 Phishing Domain (current_events.rules)
 2024465 - ET TROJAN Win32/Striked Ransomware CnC Checkin (trojan.rules)
 2024466 - ET TROJAN Win32/Striked Ransomware CnC Checkin (trojan.rules)

Pro:

 2827122 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 176 (mobile_malware.rules)
 2827123 - ETPRO TROJAN TrumpIsDaddy CN Stresser C2 M1 (trojan.rules)
 2827124 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
 2827125 - ETPRO TROJAN LockPOS SSL Cert Jul 13 2017 (trojan.rules)
 2827126 - ETPRO TROJAN LockPOS SSL Cert Jul 13 2017 (trojan.rules)
 2827127 - ETPRO TROJAN vjw0rm Exfiltration via User-Agent Header (trojan.rules)
 2827128 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 5 (mobile_malware.rules)
 2827129 - ETPRO TROJAN Unknown CnC Beacon (trojan.rules)
 2827130 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 7 (mobile_malware.rules)
 2827131 - ETPRO TROJAN AgentTesla Downloader Malicious Domain in SNI Observed (trojan.rules)
 2827132 - ETPRO TROJAN MSIL/SkyNet CnC Activity (trojan.rules)
 2827133 - ETPRO POLICY Observed DNS Request to iplogger.com for External IP Address Lookup (policy.rules)
 2827134 - ETPRO CURRENT_EVENTS SunDown-P EK Secondary Landing M1 (current_events.rules)
 2827135 - ETPRO CURRENT_EVENTS SunDown-P EK Exploit CVE-2016-1899 (current_events.rules)
 2827136 - ETPRO CURRENT_EVENTS SunDown-P EK Exploit CVE-2014-6332 (current_events.rules)
 2827137 - ETPRO CURRENT_EVENTS SunDown-P Exploit CVE-2015-0016 (current_events.rules)


[///]     Modified active rules:     [///]

 2017753 - ET CURRENT_EVENTS Possible Successful Remax Phish - Hotmail Creds (current_events.rules)
 2021322 - ET CURRENT_EVENTS Possible Successful Remax Phish - AOL Creds (current_events.rules)
 2021324 - ET CURRENT_EVENTS Possible Successful Remax Phish - Other Creds (current_events.rules)
 2021890 - ET CURRENT_EVENTS Successful Phish Outlook Credentials Oct 1 (current_events.rules)
 2022967 - ET CURRENT_EVENTS Successful Google Drive/Dropbox Phish Nov 20 (current_events.rules)
 2022978 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish Jul 21 M1 (current_events.rules)
 2022979 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish Jul 21 M2 (current_events.rules)
 2023042 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish Aug 9 M1 (current_events.rules)
 2023043 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish Aug 9 M2 (current_events.rules)
 2023061 - ET CURRENT_EVENTS Successful Excel Phish Aug 15 2016 (current_events.rules)
 2023063 - ET CURRENT_EVENTS Successful Credit Agricole Phish Aug 15 2016 M1 (current_events.rules)
 2023064 - ET CURRENT_EVENTS Successful Credit Agricole Phish Aug 15 2016 M2 (current_events.rules)
 2023488 - ET CURRENT_EVENTS Successful Tesco Bank Phish M2 Nov 08 2016 (current_events.rules)
 2023698 - ET CURRENT_EVENTS Successful National Bank Phish Jan 05 2017 (current_events.rules)
 2023758 - ET CURRENT_EVENTS Successful Apple iCloud Phish Jan 23 2017 (current_events.rules)
 2023770 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish Jan 30 2017 (current_events.rules)
 2023771 - ET CURRENT_EVENTS Successful Wells Fargo Phish Jan 30 2017 (current_events.rules)
 2023888 - ET CURRENT_EVENTS Successful Apple Phish Feb 09 2017 (current_events.rules)
 2024456 - ET TROJAN Possible Winnti-related DNS Lookup (vps2java .securitytactics .com) (trojan.rules)
 2024457 - ET TROJAN Possible Winnti-related DNS Lookup (job .yoyakuweb .technology) (trojan.rules)
 2024459 - ET TROJAN Possible Winnti-related DNS Lookup (macos .exoticlol .com) (trojan.rules)
 2024461 - ET TROJAN LockPOS CnC (trojan.rules)
 2815162 - ETPRO CURRENT_EVENTS Comerica Bank Phishing Posting Creds 2 Dec 01 (current_events.rules)
 2815310 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Dec 10 M1 (current_events.rules)
 2823240 - ETPRO TROJAN EDA2 Ransomware Variants/Magic CnC Checkin (trojan.rules)
 2827113 - ETPRO TROJAN Observed DNS Query to Ovidiy Stealer CnC Domain (trojan.rules)


[---]         Disabled rules:        [---]

 2023072 - ET CURRENT_EVENTS Successful Netflix Phish Aug 17 2016 (current_events.rules)
 2023180 - ET CURRENT_EVENTS DNS Query to Ebay Phishing Domain (current_events.rules)
 2023181 - ET CURRENT_EVENTS Successful Ebay Phish Sept 8 2016 (current_events.rules)
 2819660 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 11 M1 (current_events.rules)
 2819661 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 11 M2 (current_events.rules)
 2819704 - ETPRO CURRENT_EVENTS Successful American Express Phish Apr 13 (current_events.rules)


[---]         Removed rules:         [---]

 2824213 - ETPRO CURRENT_EVENTS Successful Netflix Payment Phish M1 Jan 04 2017 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>