[Emerging-updates] Daily Ruleset Update Summary 2017/03/06

Francis Trudeau ftrudeau at emergingthreats.net
Mon Mar 6 17:38:10 EST 2017


 [***] Summary: [***]

 4 new Open signatures, 19 new Pro (4 + 15).  PHISHING.

 Thanks:  @damonrouse

 [+++]          Added rules:          [+++]

 Open:

  2024030 - ET WEB_CLIENT SUSPICIOUS Microsoft-Edge protocol in use (Observed in Magnitude EK) (web_client.rules)
  2024031 - ET WEB_CLIENT SUSPICIOUS Local file read using read protocol (web_client.rules)
  2024032 - ET CURRENT_EVENTS Successful Vanguard Phish Mar 06 2017 (current_events.rules)
  2024033 - ET CURRENT_EVENTS Android Fake AV Download Landing Mar 06 2017 (current_events.rules)

 Pro:

  2825236 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Mar 03 2017 (current_events.rules)
  2825237 - ETPRO CURRENT_EVENTS Successful Twitter Verification Phish Mar 03 2017 (current_events.rules)
  2825238 - ETPRO MOBILE_MALWARE Android/SMSreg.FR CnC Beacon (mobile_malware.rules)
  2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
  2825240 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CI Checkin (mobile_malware.rules)
  2825241 - ETPRO MOBILE_MALWARE Monitoring-Tool Android/MobileSpy.C SMS Exfil (mobile_malware.rules)
  2825242 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Mar 06 2017 (current_events.rules)
  2825243 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Mar 06 2017 (current_events.rules)
  2825244 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Mar 06 2017 (current_events.rules)
  2825245 - ETPRO POLICY Free Proxy Tool HTTP Request (policy.rules)
  2825246 - ETPRO MALWARE Win32/ZvuZona CnC Beacon (malware.rules)
  2825247 - ETPRO MOBILE_MALWARE Monitoring-Tool Android/MobileSpy.C Checkin (mobile_malware.rules)
  2825248 - ETPRO CURRENT_EVENTS Successful Credential Phish JS RePOST Mar 06 2017 (current_events.rules)
  2825249 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Mar 06 2017 (current_events.rules)
  2825250 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Mar 06 2017 (current_events.rules)


 [///]     Modified active rules:     [///]

  2019628 - ET TROJAN AnubisNetworks Sinkhole SSL Cert lolcat - specific IPs (trojan.rules)
  2810159 - ETPRO TROJAN Win32/Hyteod Initial CnC Beacon Response (trojan.rules)
  2810290 - ETPRO TROJAN NanoCore RAT Keepalive Response 1 (trojan.rules)
  2816766 - ETPRO TROJAN NanoCore RAT CnC 7 (trojan.rules)
  2825118 - ETPRO CURRENT_EVENTS Possible Apple Phishing Landing Feb 24 2017 (current_events.rules)


 [---]  Disabled and modified rules:  [---]

  2822326 - ETPRO TROJAN NanoCore RAT CnC 19 (trojan.rules)


 [---]         Removed rules:         [---]

  2822989 - ETPRO TROJAN Malicious SSL Certificate Detected (Qadars CnC) (trojan.rules)