[Emerging-updates] Daily Ruleset Update Summary 2017/07/20

Travis Green tgreen at emergingthreats.net
Thu Jul 20 17:39:00 EDT 2017


[***]            Summary:            [***]

4 new Open, 18 new Pro (4 + 14). DarkHotel Downloader, Shifr Ransomware,
Various Phishing, Various Mobile.

Thanks: @MalwrHunterTeam


[+++]          Added rules:          [+++]

Open:

 2024482 - ET TROJAN DarkHotel Downloader CnC Beacon 1 (trojan.rules)
 2024483 - ET TROJAN DarkHotel Downloader CnC Beacon 2 (trojan.rules)
 2024484 - ET MALWARE ProxyGearPro Proxy Tool PUA (malware.rules)
 2024485 - ET TROJAN Observed Malicious Domain SSL Cert in SNI (Unknown Stealer CnC) (trojan.rules)

Pro:

 2827248 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jul 20 2017 (current_events.rules)
 2827249 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jul 20 2017 (current_events.rules)
 2827250 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jul 20 2017 (current_events.rules)
 2827251 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Jul 20 2017 (current_events.rules)
 2827252 - ETPRO TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)
 2827253 - ETPRO TROJAN Shifr Ransomware Payment Domain Observed in SNI (trojan.rules)
 2827254 - ETPRO MOBILE_MALWARE Android Unknown Trojan CnC Beacon (mobile_malware.rules)
 2827255 - ETPRO TROJAN W32/DarkVNC Checkin (trojan.rules)
 2827256 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 181 (mobile_malware.rules)
 2827257 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 182 (mobile_malware.rules)
 2827258 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 183 (mobile_malware.rules)
 2827259 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload July 20 2017 M1 (current_events.rules)
 2827260 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload July 20 2017 M2 (current_events.rules)
 2827261 - ETPRO TROJAN Win32/Unknown.PowerShell SSL Cert Observed (trojan.rules)


[///]     Modified active rules:     [///]

 2812546 - ETPRO CURRENT_EVENTS Successful Amazon Account Phish M1 Aug 20 2015 (current_events.rules)
 2812547 - ETPRO CURRENT_EVENTS Successful Amazon Account Phish M2 Aug 20 2015 (current_events.rules)
 2814801 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 6 2015 (current_events.rules)
 2822419 - ETPRO CURRENT_EVENTS Successful Amazon Phish M2 Oct 05 2016 (current_events.rules)


[---]  Disabled and modified rules:  [---]

 2815240 - ETPRO CURRENT_EVENTS Successful Amazon Phish M1 Dec 8 2015 (current_events.rules)


[---]         Disabled rules:        [---]

 2812763 - ETPRO CURRENT_EVENTS Successful Amazon Phish Aug 27 2 (current_events.rules)
 2812764 - ETPRO CURRENT_EVENTS Successful Amazon Phish Aug 27 3 (current_events.rules)
 2814891 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 11 M1 (current_events.rules)
 2814892 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 11 M2 (current_events.rules)
 2814893 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 11 M3 (current_events.rules)
 2815241 - ETPRO CURRENT_EVENTS Successful Amazon Phish Dec 8 M2 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>