[Emerging-updates] Daily Ruleset Update Summary 2017/07/25

Travis Green tgreen at emergingthreats.net
Tue Jul 25 18:32:22 EDT 2017


[***]            Summary:            [***]

8 new Open, 20 new Pro (8 + 12). CopyKittens, TDTESS Backdoor, Chthonic
Update, Various Mobile.

Thanks: @patpoopy

[+++]          Added rules:          [+++]

Open:

 2024491 - ET TROJAN Shifr Ransomware CnC DNS Query (v5t5z6a55ksmt3oh) (trojan.rules)
 2024492 - ET TROJAN Shifr Ransomware CnC DNS Query (ojdue4474qghybjb) (trojan.rules)
 2024493 - ET CURRENT_EVENTS EITest Inject July 25 2017 (current_events.rules)
 2024494 - ET CURRENT_EVENTS EITest Keitaro Evil Redirect Leading to SocENG July 25 2017 (current_events.rules)
 2024495 - ET TROJAN CopyKittens Matryoshka DNS Lookup 1 (winupdate64 . com) (trojan.rules)
 2024496 - ET TROJAN CopyKittens Matryoshka DNS Lookup 2 (twiter-statics . info) (trojan.rules)
 2024497 - ET TROJAN CopyKittens Cobalt Strike DNS Lookup (cloudflare-analyse . com) (trojan.rules)
 2024498 - ET TROJAN TDTESS Backdoor User-Agent (trojan.rules)

Pro:

 2827280 - ETPRO TROJAN JS/Cryxos.B Dropper Requesting EXE (trojan.rules)
 2827281 - ETPRO TROJAN Noobcrypt Ransomware Domain in SNI (trojan.rules)
 2827282 - ETPRO TROJAN Chthonic CnC Beacon 9 (trojan.rules)
 2827283 - ETPRO TROJAN W32/Banpol.A Joining IRC Channel (trojan.rules)
 2827284 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 187 (mobile_malware.rules)
 2827285 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 188 (mobile_malware.rules)
 2827286 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK (Known Evil Keitaro TDS) Jul 25 2017 (current_events.rules)
 2827287 - ETPRO TROJAN Win32/Trojan.Downloader.CSB Checkin 1 (trojan.rules)
 2827288 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 189 (mobile_malware.rules)
 2827289 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 190 (mobile_malware.rules)
 2827290 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.z SMS Exfil (mobile_malware.rules)
 2827291 - ETPRO MOBILE_MALWARE Android Unknown Trojan CnC Beacon (mobile_malware.rules)


[///]     Modified active rules:     [///]

 2820983 - ETPRO TROJAN XXMM2/Minzen CnC Beacon (trojan.rules)
 2821023 - ETPRO TROJAN Win32/Neutrino Bot Malicious SSL Certificate Detected (trojan.rules)
 2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
 2827253 - ETPRO TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>