[Emerging-updates] Daily Ruleset Update Summary 2017/03/07

Travis Green tgreen at emergingthreats.net
Wed Mar 8 09:47:06 EST 2017


 [***] Summary: [***]

43 new Pro. Phishing, Injects, Sage domains

Thanks:  @malwrhunterteam Kevin Branch


 [+++]          Added rules:          [+++]

 Pro:

  2825251 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
  2825252 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Mar 07 2017 (current_events.rules)
  2825253 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Mar 07 2017 (current_events.rules)
  2825254 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Mar 07 2017 (current_events.rules)
  2825255 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
  2825256 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
  2825257 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.AZ Checkin (mobile_malware.rules)
  2825258 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
  2825259 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
  2825260 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
  2825261 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
  2825262 - ETPRO TROJAN DNS Query to Cerber Domain (1lcteo . top) (trojan.rules)
  2825263 - ETPRO TROJAN DNS Query to Cerber Domain (195heb . top) (trojan.rules)
  2825264 - ETPRO TROJAN DNS Query to Cerber Domain (1cvmb4 . top) (trojan.rules)
  2825265 - ETPRO TROJAN DNS Query to Cerber Domain (1ps36s . top) (trojan.rules)
  2825266 - ETPRO TROJAN DNS Query to Cerber Domain (13wm9b . top) (trojan.rules)
  2825267 - ETPRO TROJAN DNS Query to Cerber Domain (12vpkc . top) (trojan.rules)
  2825268 - ETPRO TROJAN DNS Query to Cerber Domain (12a63k . top) (trojan.rules)
  2825269 - ETPRO TROJAN DNS Query to Cerber Domain (15oqwp . top) (trojan.rules)
  2825270 - ETPRO TROJAN DNS Query to Cerber Domain (173w9w . top) (trojan.rules)
  2825271 - ETPRO TROJAN DNS Query to Cerber Domain (1cw65b . top) (trojan.rules)
  2825272 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Mar 07 2017 (current_events.rules)
  2825273 - ETPRO TROJAN MSIL/Enjey Crypter Ransomware CnC Checkin (trojan.rules)
  2825274 - ETPRO TROJAN MSIL.EngWUltimate Stealer Checkin (trojan.rules)
  2825275 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-07 1) (trojan.rules)
  2825276 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-07 2) (trojan.rules)
  2825277 - ETPRO CURRENT_EVENTS Successful Apple Phish Mar 07 2017 (current_events.rules)
  2825278 - ETPRO CURRENT_EVENTS Successful Nationwide Internet Banking Phish M1 Mar 07 2017 (current_events.rules)
  2825279 - ETPRO CURRENT_EVENTS Successful Nationwide Internet Banking Phish M2 Mar 07 2017 (current_events.rules)
  2825280 - ETPRO TROJAN DNS Query to Sage Domain (k5hjej9 . com) (trojan.rules)
  2825281 - ETPRO TROJAN DNS Query to Sage Domain (io23zc . com) (trojan.rules)
  2825282 - ETPRO TROJAN DNS Query to Sage Domain (p0alj2 . com) (trojan.rules)
  2825283 - ETPRO TROJAN DNS Query to Sage Domain (2kzm0f . com) (trojan.rules)
  2825284 - ETPRO TROJAN DNS Query to Sage Domain (3io74zx . com) (trojan.rules)
  2825285 - ETPRO TROJAN DNS Query to Sage Domain (er29sl . in) (trojan.rules)
  2825286 - ETPRO CURRENT_EVENTS Successful AXA Bank Europe Phish Mar 07 2017 (current_events.rules)
  2825287 - ETPRO TROJAN DNS Query to Sage Domain (rzunt3u2 . com) (trojan.rules)
  2825288 - ETPRO CURRENT_EVENTS Successful USC Phish Mar 07 2017 (current_events.rules)
  2825289 - ETPRO CURRENT_EVENTS USC Phishing Landing Mar 07 2017 (current_events.rules)
  2825290 - ETPRO TROJAN Tofu Backdoor Checkin (trojan.rules)
  2825291 - ETPRO CURRENT_EVENTS Successful 163 Phish Mar 07 2017 (current_events.rules)
  2825292 - ETPRO CURRENT_EVENTS Successful Western Union Phish Mar 07 2017 (current_events.rules)


 [///]     Modified active rules:     [///]

  2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
  2021252 - ET TROJAN TorrentLocker .onion Proxy Domain (zbqxpjfvltb6d62m) (trojan.rules)
  2023476 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2808510 - ETPRO TROJAN StoneDrill Wiper Checkin 2 (trojan.rules)
  2812436 - ETPRO TROJAN TorrentLocker .onion Proxy Domain (4nzchpngrtdhn27u) (trojan.rules)
  2812761 - ETPRO CURRENT_EVENTS Successful Blackboard Phish Aug 27 (current_events.rules)
  2819866 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.CI Checkin (mobile_malware.rules)
  2825118 - ETPRO CURRENT_EVENTS Possible Apple Phishing Landing Feb 24 2017 (current_events.rules)
  2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>