[Emerging-updates] Daily Ruleset Update Summary 2017/07/31

Travis Green tgreen at emergingthreats.net
Mon Jul 31 17:31:04 EDT 2017


[***]            Summary:            [***]

14 new Pro. Cerber Domains, Various Mobile, Various Phishing.

Thanks: Seth Elo, @protectwise


[+++]          Added rules:          [+++]

 2827350 - ETPRO CURRENT_EVENTS Successful Google Doc Multiple Email Phish Jul 31 2017 (current_events.rules)
 2827351 - ETPRO MOBILE_MALWARE Android/Triada.EG DNS Lookup (mobile_malware.rules)
 2827352 - ETPRO TROJAN DNS Query to Cerber Domain (1jrkyn . top) (trojan.rules)
 2827353 - ETPRO TROJAN DNS Query to Cerber Domain (1fnhyq . top) (trojan.rules)
 2827354 - ETPRO TROJAN DNS Query to Cerber Domain (1jfjhb . top) (trojan.rules)
 2827355 - ETPRO TROJAN DNS Query to Cerber Domain (14o2wp . top) (trojan.rules)
 2827356 - ETPRO TROJAN DNS Query to Cerber Domain (1jmu65 . top) (trojan.rules)
 2827357 - ETPRO TROJAN DNS Query to Cerber Domain (12ct4c . top) (trojan.rules)
 2827358 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Yoga.a CnC Beacon (mobile_malware.rules)
 2827359 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fl CnC Beacon (mobile_malware.rules)
 2827360 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-31 1) (trojan.rules)
 2827361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-31 2) (trojan.rules)
 2827362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-31 3) (trojan.rules)
 2827363 - ETPRO CURRENT_EVENTS Unknown Downloader EXE DL (current_events.rules)


[///]     Modified active rules:     [///]

 2013208 - ET MOBILE_MALWARE Mobile Device Posting Phone Number (mobile_malware.rules)
 2024285 - ET TROJAN OSX/Proton.B Domain in SNI (trojan.rules)
 2024502 - ET TROJAN ISMAgent CnC Checkin 1 (trojan.rules)
 2024503 - ET TROJAN ISMAgent Receiving Commands from CnC Server (trojan.rules)
 2024504 - ET TROJAN ISMAgent DNS Tunneling (microsoft-publisher . com) (trojan.rules)
 2816718 - ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (trojan.rules)
 2821692 - ETPRO TROJAN ZeusPOS Payload M2 (trojan.rules)
 2824274 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
 2825163 - ETPRO CURRENT_EVENTS Successful Generic Phish (Redirect to Download PDF) Feb 28 2017 (current_events.rules)
 2825248 - ETPRO CURRENT_EVENTS Successful Credential Phish JS RePOST Mar 06 2017 (current_events.rules)


[---]         Removed rules:         [---]

 2827139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 1) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>