[Emerging-updates] Daily Ruleset Update Summary 2017/03/09

Francis Trudeau ftrudeau at emergingthreats.net
Thu Mar 9 17:22:32 EST 2017


 [***] Summary: [***]

 3 new Open signatures, 35 new Pro (3 + 32).
 (?:Spora|PadCrypt|Satan|Vortex|TorrentLocker) Ransomware, WIFICAM Camera vulns.

 Thanks:  @malware_traffic.

 [+++]          Added rules:          [+++]

 Open:

  2024040 - ET CURRENT_EVENTS EITest SocEng Fake Font DL March 09 2017 (current_events.rules)
  2024041 - ET TROJAN Spora Ransomware Checkin (trojan.rules)
  2024042 - ET CURRENT_EVENTS Fake Virus Phone Scam Landing Mar 09 2017 (current_events.rules)

 Pro:

  2822915 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26 (current_events.rules)
  2825314 - ETPRO CURRENT_EVENTS Successful Office 365 Encrypted Mail Phish Mar 09 2017 (current_events.rules)
  2825315 - ETPRO CURRENT_EVENTS Successful Generic Email Revalidation Phish M1 Mar 09 2017 (current_events.rules)
  2825316 - ETPRO CURRENT_EVENTS Successful Generic Email Revalidation Phish M2 Mar 09 2017 (current_events.rules)
  2825317 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish Mar 09 2017 (current_events.rules)
  2825318 - ETPRO CURRENT_EVENTS Successful Google Docs Phish Mar 09 2017 (current_events.rules)
  2825319 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.N CnC Beacon (mobile_malware.rules)
  2825320 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Cova.d Checkin (mobile_malware.rules)
  2825321 - ETPRO TROJAN PadCrypt Ransomware CnC Checkin 5 (trojan.rules)
  2825322 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2825323 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2825324 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2825325 - ETPRO TROJAN Satan Ransomware Domain (onion . pw) (trojan.rules)
  2825326 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontmain . pl) (trojan.rules)
  2825327 - ETPRO TROJAN DNS Query to TorrentLocker Domain (joygo . pl) (trojan.rules)
  2825328 - ETPRO TROJAN DNS Query to TorrentLocker Domain (questpul . pl) (trojan.rules)
  2825329 - ETPRO TROJAN DNS Query to TorrentLocker Domain (homewind . pl) (trojan.rules)
  2825330 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
  2825331 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.FS CnC Beacon (mobile_malware.rules)
  2825332 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
  2825333 - ETPRO TROJAN Spora Ransomware SSL Certificate Detected (trojan.rules)
  2825334 - ETPRO TROJAN MSIL/njRAT/Bladabindi CnC Checkin (Sudden Attack) (trojan.rules)
  2825335 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.BH Checkin (mobile_malware.rules)
  2825336 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.AN CnC Beacon (mobile_malware.rules)
  2825337 - ETPRO TROJAN Vortex Ransomware CnC Checkin (trojan.rules)
  2825338 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Mar 09 2017 (current_events.rules)
  2825339 - ETPRO TROJAN Downloader/Stengol CnC Beacon (trojan.rules)
  2825340 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Mar 09 2017 (current_events.rules)
  2825341 - ETPRO TROJAN Bancos Variant CnC Beacon (trojan.rules)
  2825342 - ETPRO EXPLOIT WIFICAM Cameras Authenticated set_ftp.cgi Command Injection Attempt (exploit.rules)
  2825343 - ETPRO EXPLOIT WIFICAM Cameras .ini Unauthenticated Access Attempt (exploit.rules)
  2825344 - ETPRO CURRENT_EVENTS Successful iCloud Payment Verification Phish Mar 09 2017 (current_events.rules)


 [///]     Modified active rules:     [///]

  2018630 - ET MOBILE_MALWARE Android/Comll.Banker RAT CnC Beacon (mobile_malware.rules)
  2820920 - ETPRO INFO Data Submitted to ukit domain - Possible Phishing M1 (info.rules)
  2820921 - ETPRO INFO Data Submitted to ukit domain - Possible Phishing M2 (info.rules)
  2822666 - ETPRO CURRENT_EVENTS Successful Visa Online Phish Oct 17 2016 (current_events.rules)
  2824777 - ETPRO CURRENT_EVENTS EITest SocEng Chrome Fonts DL Feb 06 M1 (current_events.rules)
  2825096 - ETPRO TROJAN Bladabindi/njRAT Variant CnC Checkin (Mr.motaz) (trojan.rules)
  2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)