[Emerging-updates] Daily Ruleset Update Summary 2017/07/24

Travis Green tgreen at emergingthreats.net
Mon Jul 24 17:54:48 EDT 2017


[***]            Summary:            [***]

12 new Pro (5 + 6). W32/Emotet.v4, Ursniff TOR Module DL, Various Mobile.


[+++]          Added rules:          [+++]

Pro:

 2827268 - ETPRO TROJAN Donoff .onion Proxy Domain (trojan.rules)
 2827269 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 185 (mobile_malware.rules)
 2827270 - ETPRO TROJAN Genome K2T IP Check (trojan.rules)
 2827271 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 186 (mobile_malware.rules)
 2827272 - ETPRO CURRENT_EVENTS Possible Ursniff TOR Module DL 32-bit (current_events.rules)
 2827273 - ETPRO CURRENT_EVENTS Possible Ursniff TOR Module DL 64-bit (current_events.rules)
 2827274 - ETPRO TROJAN DNS Query to Cerber Domain (1n5mod . top) (trojan.rules)
 2827275 - ETPRO TROJAN DNS Query to Cerber Domain (1mpsnr . top) (trojan.rules)
 2827276 - ETPRO TROJAN DNS Query to Cerber Domain (1eiuce . top) (trojan.rules)
 2827277 - ETPRO TROJAN DNS Query to Cerber Domain (1j9jad . top) (trojan.rules)
 2827278 - ETPRO TROJAN Imminent Monitor MainInformation Command (trojan.rules)
 2827279 - ETPRO TROJAN W32/Emotet.v4 Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2024470 - ET INFO HTTP POST to Free Webhost - Possible Successful Phish (site40 . net) Jul 18 2017 (info.rules)
 2024486 - ET TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)
 2814281 - ETPRO CURRENT_EVENTS Successful Amex Account Phish Oct 8 2015 (current_events.rules)
 2815172 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Dec 2 2015 (current_events.rules)
 2815173 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Dec 2 2015 (current_events.rules)
 2815245 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 8 2015 (current_events.rules)
 2815497 - ETPRO CURRENT_EVENTS Successful Anonisma Paypal Phish Dec 28 2015 (current_events.rules)
 2816612 - ETPRO CURRENT_EVENTS Successful American Express Phish Mar 10 2016 (current_events.rules)
 2821138 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
 2821139 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
 2821140 - ETPRO CURRENT_EVENTS Successful AOL Phish M3 Jul 14 20116 (current_events.rules)
 2824193 - ETPRO TROJAN Donoff .onion Proxy Domain (trojan.rules)
 2827261 - ETPRO TROJAN  PoshC2 SSL Cert Observed (trojan.rules)
 2827265 - ETPRO TROJAN MSIL/Unk.Stealer Exfil via FTP (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>