[Emerging-updates] Daily Ruleset Update Summary 2017/07/21

Travis Green tgreen at emergingthreats.net
Fri Jul 21 16:46:56 EDT 2017


[***]            Summary:            [***]

5 new Open, 11 new Pro (5 + 6). Shifr Ransomware, MSIL/InstagramAccount
Bot, Various Phishing, Various Mobile.

Thanks: Jake Warren, @MalwrHunterTeam


[+++]          Added rules:          [+++]

Open:

 2024486 - ET TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)
 2024487 - ET TROJAN Possible NotPetya Related DNS query (trojan.rules)
 2024488 - ET TROJAN Possible NotPetya Related DNS query (trojan.rules)
 2024489 - ET TROJAN Win32/Bitshifter Ransomware CnC Checkin (trojan.rules)
 2024490 - ET TROJAN HTTP Request with suspicious filename - myguy (trojan.rules)

Pro:

 2827262 - ETPRO TROJAN Observed Malicious SSL Cert (Evil CoinMiner) (trojan.rules)
 2827263 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.TF SMS/Contact Exfil (mobile_malware.rules)
 2827264 - ETPRO TROJAN MSIL/Unk.Stealer CnC Checkin (trojan.rules)
 2827265 - ETPRO TROJAN MSIL/Unk.Stealer Exfil via FTP (trojan.rules)
 2827266 - ETPRO TROJAN MSIL/InstagramAccount Bot CnC Checkin (trojan.rules)
 2827267 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 184 (mobile_malware.rules)


[///]     Modified active rules:     [///]

 2024470 - ET INFO HTTP POST to Free Webhost - Possible Successful Phish (site40 . net) Jul 18 2017 (info.rules)
 2814281 - ETPRO CURRENT_EVENTS Successful Amex Account Phish Oct 8 2015 (current_events.rules)
 2814801 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 6 2015 (current_events.rules)
 2815172 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Dec 2 2015 (current_events.rules)
 2815173 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Dec 2 2015 (current_events.rules)
 2815245 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 8 2015 (current_events.rules)
 2815497 - ETPRO CURRENT_EVENTS Successful Anonisma Paypal Phish Dec 28 2015 (current_events.rules)
 2816612 - ETPRO CURRENT_EVENTS Successful American Express Phish Mar 10 2016 (current_events.rules)
 2821138 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
 2821139 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
 2821140 - ETPRO CURRENT_EVENTS Successful AOL Phish M3 Jul 14 20116 (current_events.rules)
 2822313 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Sept 29 2016 (current_events.rules)
 2822376 - ETPRO CURRENT_EVENTS Successful Apple ID Phish M1 Oct 04 2016 (current_events.rules)
 2822401 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 04 2016 (current_events.rules)
 2822903 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish M1 Oct 26 2016 (current_events.rules)
 2822904 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish M2 Oct 26 2016 (current_events.rules)
 2822941 - ETPRO CURRENT_EVENTS Successful Amazon Phish Oct 27 2016 (current_events.rules)
 2824158 - ETPRO CURRENT_EVENTS Successful American Express Phish M1 Dec 30 2016 (current_events.rules)
 2824403 - ETPRO CURRENT_EVENTS Successful Apple (CA) Phish Jan 12 2017 (current_events.rules)
 2824531 - ETPRO CURRENT_EVENTS Successful AOL Phish Jan 19 2017 (current_events.rules)
 2824661 - ETPRO CURRENT_EVENTS Successful Apple Find My iPhone Phish Jan 26 2017 (current_events.rules)
 2827255 - ETPRO TROJAN W32/DarkVNC Checkin (trojan.rules)
 2827261 - ETPRO TROJAN  PoshC2 SSL Cert Observed (trojan.rules)


[---]  Disabled and modified rules:  [---]

 2814311 - ETPRO CURRENT_EVENTS Successful AOL Phish Oct 9 2015 (current_events.rules)


[---]         Disabled rules:        [---]

 2812508 - ETPRO CURRENT_EVENTS Successful Apple ID Phish Aug 18 (current_events.rules)
 2812509 - ETPRO CURRENT_EVENTS Successful Apple ID Phish Aug 18 (current_events.rules)
 2812826 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish Aug 31 1 (current_events.rules)
 2812827 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish Aug 31 2 (current_events.rules)
 2812872 - ETPRO CURRENT_EVENTS Successful Apple Account Phish Sept 2 (current_events.rules)
 2814043 - ETPRO CURRENT_EVENTS Successful Apple Connect Phish Sept 22 (current_events.rules)
 2815294 - ETPRO CURRENT_EVENTS Successful Apple Phish Dec 9 M1 (current_events.rules)
 2821030 - ETPRO CURRENT_EVENTS Successful Apple Connect Phish Jul 11 (current_events.rules)
 2822379 - ETPRO CURRENT_EVENTS Successful Amazon Phish Oct 04 2016 (current_events.rules)
 2822709 - ETPRO CURRENT_EVENTS Successful Amazon Phish Oct 18 2016 (current_events.rules)
 2822725 - ETPRO CURRENT_EVENTS Successful Amazon Phish Oct 18 2016 (current_events.rules)
 2822940 - ETPRO CURRENT_EVENTS Successful Apple Global Service Exchange Phish Oct 27 2016 (current_events.rules)
 2823575 - ETPRO CURRENT_EVENTS Successful Apple Connect Phish Dec 02 2016 (current_events.rules)
 2824133 - ETPRO CURRENT_EVENTS Successful Apple Phish Dec 29 2016 (current_events.rules)


[---]         Removed rules:         [---]

 2827252 - ETPRO TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>