[Emerging-updates] Daily Ruleset Update Summary 2017/07/19

Travis Green tgreen at emergingthreats.net
Wed Jul 19 17:06:31 EDT 2017


10 new Open, 46 new Pro (10 + 36). CDT Credphish/Netwire, MSIL/XBBX,
Various Phishing, Various Mobile.

Thanks: Erik Clark


[+++]          Added rules:          [+++]

Open:

 2024472 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
 2024473 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
 2024474 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
 2024475 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
 2024476 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
 2024477 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
 2024478 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
 2024479 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
 2024480 - ET CURRENT_EVENTS Tech Support Scam Landing Jul 19 2017
(current_events.rules)
 2024481 - ET TFTP Outbound TFTP Data Transfer With Cisco Config 2
(tftp.rules)

Pro:

 2827212 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Jul 19 2017
(current_events.rules)
 2827213 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Jul 19 2017
(current_events.rules)
 2827214 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Jul 19 2017
(current_events.rules)
 2827215 - ETPRO CURRENT_EVENTS Successful Apple Phish M4 Jul 19 2017
(current_events.rules)
 2827216 - ETPRO CURRENT_EVENTS Successful Apple Phish M5 Jul 19 2017
(current_events.rules)
 2827217 - ETPRO CURRENT_EVENTS Successful Etrade Phish M1 Jul 18 2017
(current_events.rules)
 2827218 - ETPRO CURRENT_EVENTS Successful Etrade Phish M2 Jul 18 2017
(current_events.rules)
 2827219 - ETPRO TROJAN Winnti Related PcClient CnC 1 (trojan.rules)
 2827220 - ETPRO TROJAN MSIL/XBBX CnC Activity (trojan.rules)
 2827221 - ETPRO CURRENT_EVENTS Successful Successful PHOEN!X Apple Phish
Jul 19 2017 (current_events.rules)
 2827222 - ETPRO CURRENT_EVENTS Successful Santander Phish Jul 19 2017
(current_events.rules)
 2827223 - ETPRO CURRENT_EVENTS Successful Docusign Phish Jul 19 2017
(current_events.rules)
 2827224 - ETPRO CURRENT_EVENTS Successful Account Verification Phish Jul
19 2017 (current_events.rules)
 2827225 - ETPRO CURRENT_EVENTS Successful University of Illinois at
Chicago Phish Jul 19 2017 (current_events.rules)
 2827226 - ETPRO TROJAN Win32/Reconyc.iddk CnC DNS Query (trojan.rules)
 2827227 - ETPRO TROJAN Observed Malicious SSL Cert (Upatre Downloader CnC
- maitikio . com) (trojan.rules)
 2827228 - ETPRO TROJAN Observed Malicious SSL Cert (Upatre Downloader CnC
- cry-havok . org) (trojan.rules)
 2827229 - ETPRO TROJAN Win32.Reconyc.iddk Retrieving Payload (trojan.rules)
 2827230 - ETPRO TROJAN Win32.Reconyc.iddk Receiving Payload (trojan.rules)
 2827231 - ETPRO TROJAN ELF.Shellbind.A Backdoor Access (trojan.rules)
 2827232 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-19 1) (trojan.rules)
 2827233 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-19 2) (trojan.rules)
 2827234 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-19 3) (trojan.rules)
 2827235 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-19 4) (trojan.rules)
 2827236 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-19 5) (trojan.rules)
 2827237 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-19 6) (trojan.rules)
 2827238 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(c25penphcmQucW16OjEyMzQ1Ng==) (trojan.rules)
 2827239 - ETPRO TROJAN MSIL/Unk.CoinMiner/PWS CnC Checkin (trojan.rules)
 2827240 - ETPRO TROJAN MSIL/Unk.CoinMiner/PWS Password Exfil (trojan.rules)
 2827241 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.jck Contact
Exfil (mobile_malware.rules)
 2827242 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.jck CnC
Beacon (mobile_malware.rules)
 2827243 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL)
(current_events.rules)
 2827244 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
 2827245 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ic
SMS/Contact Exfil via SMTP 8 (mobile_malware.rules)
 2827246 - ETPRO TROJAN DNS Query matching Cerber Domain Format (.bid TLD)
(trojan.rules)
 2827247 - ETPRO TROJAN Imminent Monitor Style IP Check freegeoip.net
(trojan.rules)


[///]     Modified active rules:     [///]

 2015857 - ET TFTP Outbound TFTP Data Transfer with Cisco config
(tftp.rules)
 2018558 - ET TROJAN Win32/Ramnit Checkin (trojan.rules)
 2020746 - ET TROJAN Win32.Chroject.B Retrieving encoded payload
(trojan.rules)
 2021195 - ET POLICY Possible External IP Lookup whoer.net (policy.rules)
 2023472 - ET POLICY OpenDNS IP Lookup (policy.rules)
 2023553 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin
(mobile_malware.rules)
 2024428 - ET TROJAN InstallCore Variant CnC Checkin (trojan.rules)
 2024429 - ET TROJAN Win32/Parite.B Checkin 3 (trojan.rules)
 2807826 - ETPRO TROJAN Win32/Parite.B Checkin 1 (trojan.rules)
 2809951 - ETPRO POLICY Possible External IP Lookup pijoto.net
(policy.rules)
 2812875 - ETPRO POLICY External IP Lookup - iplocation.com (policy.rules)
 2814489 - ETPRO POLICY External IP Lookup - ip.taobao.com (policy.rules)
 2814801 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 6
(current_events.rules)
 2815503 - ETPRO CURRENT_EVENTS Successful PHOEN!X Apple Phish M2 Dec 28
2015 (current_events.rules)
 2820451 - ETPRO POLICY External IP Lookup freehostedscripts.net
(policy.rules)
 2820539 - ETPRO POLICY External IP Lookup whereisip.net (policy.rules)
 2821200 - ETPRO POLICY Observed External IP (wtfismyip) Lookup SSL Cert
(Server Hello) (policy.rules)
 2822665 - ETPRO CURRENT_EVENTS Successful Amazon (UK) Phish Oct 17 2016
(current_events.rules)
 2822941 - ETPRO CURRENT_EVENTS Successful Amazon Phish Oct 27 2016
(current_events.rules)
 2824684 - ETPRO POLICY External IP Lookup localize.pdfforge.org
(policy.rules)
 2826518 - ETPRO TROJAN DNS Query matching Cerber Domain Format (.top TLD)
(trojan.rules)
 2826600 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ar SMS Exfil
via SMTP 2 (mobile_malware.rules)
 2826694 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.lg SMS Exfil
via SMTP (mobile_malware.rules)


[---]         Disabled rules:        [---]

 2812795 - ETPRO CURRENT_EVENTS Successful Amazon Phish Aug 28
(current_events.rules)
 2814007 - ETPRO CURRENT_EVENTS Successful Amazon Phish Sept 21 M2
(current_events.rules)
 2814008 - ETPRO CURRENT_EVENTS Successful Amazon Phish Sept 21 M3
(current_events.rules)
 2814010 - ETPRO CURRENT_EVENTS Successful Amazon Phish Sept 21 M5
(current_events.rules)
 2814124 - ETPRO CURRENT_EVENTS Successful Ebay Phish Sept 28
(current_events.rules)
 2820878 - ETPRO CURRENT_EVENTS Successful Amazon.com Phish Jun 27 M2
(current_events.rules)


[---]         Removed rules:         [---]

 2808546 - ETPRO TROJAN ZeroAccess3 Checkin (trojan.rules)
 2821693 - ETPRO TROJAN W32/Ramnit Initial CnC Connection (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>