[Emerging-updates] Daily Ruleset Update Summary 2017/303

Francis Trudeau ftrudeau at emergingthreats.net
Fri Mar 3 18:16:30 EST 2017


 [***] Summary: [***]

 26 new Pro signatures.  Phishing, Helminth/Oilrig, Win32/Unk.

 [+++]          Added rules:          [+++]

  2825210 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-02 1) (trojan.rules)
  2825211 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-02 2) (trojan.rules)
  2825212 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-02 3) (trojan.rules)
  2825213 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-02 4) (trojan.rules)
  2825214 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-02 5) (trojan.rules)
  2825215 - ETPRO CURRENT_EVENTS Successful Amazon Phish M1 Mar 02 2017
(current_events.rules)
  2825216 - ETPRO CURRENT_EVENTS Successful Amazon Phish M2 Mar 02 2017
(current_events.rules)
  2825217 - ETPRO CURRENT_EVENTS Successful Generic Webmail Signin Phish
Mar 02 2017 (current_events.rules)
  2825218 - ETPRO CURRENT_EVENTS Successful Natwest Phish M1 Mar 02 2017
(current_events.rules)
  2825219 - ETPRO CURRENT_EVENTS Successful Natwest Phish M2 Mar 02 2017
(current_events.rules)
  2825220 - ETPRO CURRENT_EVENTS Successful Natwest Phish M3 Mar 02 2017
(current_events.rules)
  2825221 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Mar 02
2017 (current_events.rules)
  2825222 - ETPRO MOBILE_MALWARE AndroidOS/Agent.UG Checkin
(mobile_malware.rules)
  2825223 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eo
SMS/Contacts Exfil via SMTP (mobile_malware.rules)
  2825224 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eo
SMS/Contacts Exfil via SMTP 2 (mobile_malware.rules)
  2825225 - ETPRO MOBILE_MALWARE Android/SMSreg.RA Checkin 2
(mobile_malware.rules)
  2825226 - ETPRO TROJAN Helminth/Oilrig CnC Beacon 2 (trojan.rules)
  2825227 - ETPRO TROJAN Helminth/Oilrig CnC Beacon POST (trojan.rules)
  2825228 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.em CnC Beacon
(mobile_malware.rules)
  2825229 - ETPRO TROJAN MalDoc Downloader .onion Proxy Domain
(trojan.rules)
  2825230 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.E CnC Beacon
(mobile_malware.rules)
  2825231 - ETPRO CURRENT_EVENTS Successful Google Spain Phish Mar 03 2017
(current_events.rules)
  2825232 - ETPRO CURRENT_EVENTS Successful Chase Phish Mar 03 2017
(current_events.rules)
  2825233 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M1 Mar 03
2017 (current_events.rules)
  2825234 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M2 Mar 03
2017 (current_events.rules)
  2825235 - ETPRO CURRENT_EVENTS Win32/Unk.Downloader Retrieving Payload
Mar 3 2017 (current_events.rules)


 [///]     Modified active rules:     [///]

  2020826 - ET CURRENT_EVENTS Potential Dridex.Maldoc Minimal Executable
Request (current_events.rules)


 [///]    Modified inactive rules:    [///]

  2023997 - ET INFO Potentially unsafe SMBv1 protocol in use (info.rules)


 [---]  Disabled and modified rules:  [---]

  2011891 - ET WEB_CLIENT Possible Microsoft Internet Explorer CSS Tags
Remote Code Execution Attempt (web_client.rules)
  2822536 - ETPRO WEB_CLIENT Possible Microsoft Edge Memory Corruption
Vulnerability M2 (CVE-2016-7190) (web_client.rules)
  2824933 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory
Access M1 (CVE-2017-2984) (web_client.rules)
  2824939 - ETPRO EXPLOIT Flash Player Heap Overflow (CVE-2017-2992)
(exploit.rules)


 [---]         Removed rules:         [---]

  2816352 - ETPRO CURRENT_EVENTS Possible Angler EK Landing Feb 23 M3
(current_events.rules)
  2822983 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 28
2016 (current_events.rules)