[Emerging-updates] Daily Ruleset Update Summary 2017/07/26

Travis Green tgreen at emergingthreats.net
Wed Jul 26 17:23:20 EDT 2017


[***]            Summary:            [***]

1 new Open, 23 new Pro (1 + 22). BanloadDownloader.XZY, Misc Ticks, Various
Mobile.


[+++]          Added rules:          [+++]

Open:

 2024499 - ET TROJAN Win32/BanloadDownloader.XZY Retrieving Payload (trojan.rules)

Pro:

 2825239 - ETPRO INFO Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (info.rules)
 2827292 - ETPRO TROJAN Hidden-Tear Ransomware Variant (wannafly) CnC Beacon (trojan.rules)
 2827293 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 191 (mobile_malware.rules)
 2827294 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 192 (mobile_malware.rules)
 2827295 - ETPRO TROJAN Tick Related W32/Datper (trojan.rules)
 2827296 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.GI CnC Beacon (mobile_malware.rules)
 2827297 - ETPRO TROJAN Tick Related W32/HomamDownloader (trojan.rules)
 2827298 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
 2827299 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
 2827300 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
 2827301 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
 2827302 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
 2827303 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.JP CnC Beacon (mobile_malware.rules)
 2827304 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.JP DNS Lookup (mobile_malware.rules)
 2827305 - ETPRO TROJAN DNS Query to Cerber Domain (18ey8e . top) (trojan.rules)
 2827306 - ETPRO TROJAN DNS Query to Cerber Domain (1ns1hx . top) (trojan.rules)
 2827307 - ETPRO TROJAN DNS Query to Cerber Domain (18rkju . top) (trojan.rules)
 2827308 - ETPRO TROJAN DNS Query to Cerber Domain (gkfit9 . top) (trojan.rules)
 2827309 - ETPRO TROJAN DNS Query to Cerber Domain (1csesc . top) (trojan.rules)
 2827310 - ETPRO TROJAN DNS Query to Cerber Domain (1a2jzy . top) (trojan.rules)
 2827311 - ETPRO TROJAN DNS Query to Cerber Domain (18lmhb . top) (trojan.rules)
 2827312 - ETPRO TROJAN DNS Query to Cerber Domain (1mfmkz . top) (trojan.rules)


[///]     Modified active rules:     [///]

 2024495 - ET TROJAN CopyKittens Matryoshka DNS Lookup 1 (winupdate64 . com) (trojan.rules)
 2024496 - ET TROJAN CopyKittens Matryoshka DNS Lookup 2 (twiter-statics . info) (trojan.rules)
 2024497 - ET TROJAN CopyKittens Cobalt Strike DNS Lookup (cloudflare-analyse . com) (trojan.rules)
 2827253 - ETPRO TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)


[---]         Removed rules:         [---]

 2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>