[Emerging-updates] Daily Ruleset Update Summary 2017/07/17

Travis Green tgreen at emergingthreats.net
Mon Jul 17 18:22:13 EDT 2017


[***]            Summary:            [***]

1 new Open, 37 new Pro (1 + 36). Reyptson|Erebus Ransomware, AlinaPOS,
Various Phishing, Various Mobile.


[+++]          Added rules:          [+++]

Open:

 2024469 - ET TROJAN Observed Malicious DNS Query (Reyptson Ransomware CnC) (trojan.rules)

Pro:

 2827147 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jul 17 2017 (current_events.rules)
 2827148 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jul 17 2017 (current_events.rules)
 2827149 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 2) (trojan.rules)
 2827150 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 3) (trojan.rules)
 2827151 - ETPRO TROJAN Erebus Ransomware Onion Domain (gbe0 . top) (trojan.rules)
 2827152 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 4) (trojan.rules)
 2827153 - ETPRO CURRENT_EVENTS Successful Generic Phish Jul 17 2017 (current_events.rules)
 2827154 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS July 16 2017 (current_events.rules)
 2827155 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 177 (mobile_malware.rules)
 2827156 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 178 (mobile_malware.rules)
 2827157 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS July 16 2017 2 (current_events.rules)
 2827158 - ETPRO TROJAN Win32/Banload.VXC CnC Activity (trojan.rules)
 2827159 - ETPRO MALWARE Win32/Catalina PUA Downloader Checkin (malware.rules)
 2827160 - ETPRO MALWARE Win32/Catalina PUA Downloader Retrieving Payload (Citrio) (malware.rules)
 2827161 - ETPRO TROJAN Win32/FileCoder.Philadelphia DNS Query (trojan.rules)
 2827162 - ETPRO POLICY DNS Query to .onion proxy Domain (grams . site) (policy.rules)
 2827163 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . dog) (policy.rules)
 2827164 - ETPRO TROJAN DNS Query to TorrentLocker Domain (jhfuhkg . pl) (trojan.rules)
 2827165 - ETPRO TROJAN Erebus Ransomware Onion Domain (trojan.rules)
 2827166 - ETPRO TROJAN Erebus Ransomware Onion Domain (trojan.rules)
 2827167 - ETPRO TROJAN AlinaPOS Checkin 1 (trojan.rules)
 2827168 - ETPRO TROJAN AlinaPOS Checkin 2 (trojan.rules)
 2827169 - ETPRO TROJAN AlinaPOS IP Check (whatismyipaddress .com) (trojan.rules)
 2827170 - ETPRO CURRENT_EVENTS Erebus Infected Site (current_events.rules)
 2827171 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BDG Checkin (mobile_malware.rules)
 2827172 - ETPRO TROJAN Win32.Snojan.bojb Version Check (trojan.rules)
 2827173 - ETPRO TROJAN Zyklon Malicious Domain in SNI Observed (trojan.rules)
 2827174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 1) (trojan.rules)
 2827175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 2) (trojan.rules)
 2827176 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 3) (trojan.rules)
 2827177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 4) (trojan.rules)
 2827178 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 5) (trojan.rules)
 2827179 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 6) (trojan.rules)
 2827180 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish (set) Jul 17 2017 (current_events.rules)
 2827181 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish Jul 17 2017 (current_events.rules)
 2827182 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 4 (mobile_malware.rules)


[///]     Modified active rules:     [///]

 2013508 - ET TROJAN Downloader User-Agent HTTPGET (trojan.rules)
 2024392 - ET CURRENT_EVENTS Possible Excel Online Phishing Landing - Title over non SSL (current_events.rules)
 2024442 - ET TROJAN Tinba Banker CnC Response (trojan.rules)
 2024454 - ET TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-11 1) (trojan.rules)
 2814241 - ETPRO CURRENT_EVENTS Successful Alibaba Credential Phish Oct 5 2015 (current_events.rules)
 2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016 (current_events.rules)
 2820061 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish May 4 (current_events.rules)
 2822286 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sept 28 2016 (current_events.rules)
 2822292 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Sept 29 2016 (current_events.rules)
 2822310 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sept 29 2016 (current_events.rules)
 2822347 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Oct 3 2016 (current_events.rules)
 2822713 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 18 2016 (current_events.rules)
 2822891 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 26 2016 (current_events.rules)
 2822982 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 28 2016 (current_events.rules)
 2823272 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Nov 15 2016 (current_events.rules)
 2823639 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 05 2016 (current_events.rules)
 2823904 - ETPRO CURRENT_EVENTS Successful Amazon (FR) Phish Dec 15 2016 (current_events.rules)
 2823969 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Dec 20 2016 (current_events.rules)
 2825120 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . casa) (policy.rules)
 2825649 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . fi) (policy.rules)
 2827010 - ETPRO TROJAN Win32/Vortex Ransomware Domain in SNI (trojan.rules)
 2827139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 1) (trojan.rules)


[---]  Disabled and modified rules:  [---]

 2823482 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Nov 28 2016 (current_events.rules)


[---]         Disabled rules:        [---]

 2023487 - ET CURRENT_EVENTS Successful Tesco Bank Phish M1 Nov 08 2016 (current_events.rules)
 2814663 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Oct 29 (current_events.rules)
 2814899 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Nov 12 (current_events.rules)
 2821631 - ETPRO CURRENT_EVENTS Successful Adobe/Excel Phish Aug 12 2016 (current_events.rules)
 2822661 - ETPRO CURRENT_EVENTS Successful Alibaba Phish M1 Oct 17 2016 (current_events.rules)
 2822667 - ETPRO CURRENT_EVENTS Successful Alibaba Phish M2 Oct 17 2016 (current_events.rules)
 2822811 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 21 2016 (current_events.rules)
 2822843 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 24 2016 (current_events.rules)
 2823434 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Nov 22 2016 (current_events.rules)
 2823909 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Dec 15 2016 (current_events.rules)
 2826462 - ETPRO CURRENT_EVENTS Successful Google Drive Phish May 22 2017 (current_events.rules)


[---]         Removed rules:         [---]


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>