[Emerging-updates] Daily Ruleset Update Summary 2017/07/18

Travis Green tgreen at emergingthreats.net
Tue Jul 18 17:16:15 EDT 2017


[***]            Summary:            [***]

2 new Open, 31 new Pro (2 + 29). ClipBanker.BX, TeslaWare Ransomware,
Various Phishing, Various Mobile.

Thanks: @rmkml, @ProtectWise

[+++]          Added rules:          [+++]

Open:

 2024470 - ET INFO HTTP POST to Free Webhost - Possible Successful Phish (site40 .net) Jul 18 2017 (info.rules)
 2024471 - ET TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 7) (trojan.rules)

Pro:

 2827183 - ETPRO CURRENT_EVENTS Successful Tesco Phish (set) M1 Jul 18 2017 (current_events.rules)
 2827184 - ETPRO CURRENT_EVENTS Successful Tesco Phish (set) M2 Jul 18 2017 (current_events.rules)
 2827185 - ETPRO CURRENT_EVENTS Successful Tesco Phish (set) M3 Jul 18 2017 (current_events.rules)
 2827186 - ETPRO CURRENT_EVENTS Successful Tesco Phish (set) M4 Jul 18 2017 (current_events.rules)
 2827187 - ETPRO TROJAN MSIL/ClipBanker.BX CnC Checkin M2 (trojan.rules)
 2827188 - ETPRO POLICY External IP Address Lookup (utrace .de) (policy.rules)
 2827189 - ETPRO TROJAN MSIL/TeslaWare Ransomware Requesting Image (trojan.rules)
 2827190 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
 2827191 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
 2827192 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 1 (mobile_malware.rules)
 2827193 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 2 (mobile_malware.rules)
 2827194 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 3 (mobile_malware.rules)
 2827195 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 4 (mobile_malware.rules)
 2827196 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 5 (mobile_malware.rules)
 2827197 - ETPRO CURRENT_EVENTS Successful Postepay Phish Jul 18 2017 (current_events.rules)
 2827198 - ETPRO CURRENT_EVENTS Successful Generic Phish - Redirect to Google Jul 18 2017 (current_events.rules)
 2827199 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 179 (mobile_malware.rules)
 2827200 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Jul 18 2017 (current_events.rules)
 2827201 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Jul 18 2017 (current_events.rules)
 2827202 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Proofpoint Phishing (trojan.rules)
 2827203 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 180 (mobile_malware.rules)
 2827204 - ETPRO TROJAN Observed DNS Query to Known Win32/Ardamax Keylogger CnC Domain (trojan.rules)
 2827205 - ETPRO MALWARE AdWare.InstallerWrapper CnC Checkin (malware.rules)
 2827206 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (perefacki . eu) (trojan.rules)
 2827207 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (morefitggr . eu) (trojan.rules)
 2827208 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (salemalertoy . eu) (trojan.rules)
 2827209 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (kuseyambar . eu) (trojan.rules)
 2827210 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (bokergrop . eu) (trojan.rules)
 2827211 - ETPRO TROJAN Win32/Harmony.A Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2021195 - ET POLICY Possible External IP Lookup whoer.net (policy.rules)
 2023472 - ET POLICY OpenDNS IP Lookup (policy.rules)
 2024429 - ET TROJAN Win32/Parite.B Checkin 3 (trojan.rules)
 2807826 - ETPRO TROJAN Win32/Parite.B Checkin 1 (trojan.rules)
 2809951 - ETPRO POLICY Possible External IP Lookup pijoto.net (policy.rules)
 2812875 - ETPRO POLICY External IP Lookup - iplocation.com (policy.rules)
 2814489 - ETPRO POLICY External IP Lookup - ip.taobao.com (policy.rules)
 2816531 - ETPRO POLICY External IP Lookup www.trackip.net (policy.rules)
 2816532 - ETPRO POLICY External IP Lookup www.ip-tracker.org (policy.rules)
 2820451 - ETPRO POLICY External IP Lookup freehostedscripts.net (policy.rules)
 2820539 - ETPRO POLICY External IP Lookup whereisip.net (policy.rules)
 2824684 - ETPRO POLICY External IP Lookup localize.pdfforge.org (policy.rules)
 2825882 - ETPRO CURRENT_EVENTS Successful Email Shutdown/Verification Phish Apr 11 2017 (current_events.rules)
 2826669 - ETPRO CURRENT_EVENTS Successful Netlix Phish Jun 08 2017 (current_events.rules)


[---]         Removed rules:         [---]

 2024466 - ET TROJAN Win32/Striked Ransomware CnC Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>