[Emerging-updates] Daily Ruleset Update Summary 2017/03/10

Travis Green tgreen at emergingthreats.net
Fri Mar 10 18:06:54 EST 2017


 [***]            Summary:            [***]

 2 new Open signatures, 20 new Pro (2 + 18). Druixey, Phonespy, Revenge
RAT, Various Phishing

Thanks: @malwrhunterteam

 [+++]          Added rules:          [+++]

  2024043 - ET TROJAN Spora Ransomware SSL Certificate Detected
(trojan.rules)
  2024044 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression
Injection (CVE-2017-5638) M2 (web_specific_apps.rules)
  2825345 - ETPRO CURRENT_EVENTS Successful iCloud Phish M1 Mar 10 2017
(current_events.rules)
  2825346 - ETPRO CURRENT_EVENTS Successful iCloud Phish M2 Mar 10 2017
(current_events.rules)
  2825347 - ETPRO CURRENT_EVENTS Successful iCloud Phish M3 Mar 10 2017
(current_events.rules)
  2825348 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Mar 10 2017
(current_events.rules)
  2825349 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Mar 10 2017
(current_events.rules)
  2825350 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.PhoneSpy.b Checkin
(mobile_malware.rules)
  2825351 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.PhoneSpy.b Test
Connection (mobile_malware.rules)
  2825352 - ETPRO POLICY IP Check freegeoip.net DNS Lookup (policy.rules)
  2825353 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2825354 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
  2825355 - ETPRO TROJAN MSIL/Revenge-RAT CnC Checkin M2 (trojan.rules)
  2825356 - ETPRO TROJAN Bladabindi/njRat Variant CnC Checkin (CrezyMan)
(trojan.rules)
  2825357 - ETPRO TROJAN DroppingElephant MSIL/Druixey CnC Beacon 1
(trojan.rules)
  2825358 - ETPRO TROJAN DroppingElephant MSIL/Druixey CnC Beacon 2
(trojan.rules)
  2825359 - ETPRO TROJAN DroppingElephant MSIL/Druixey CnC Beacon 3
(trojan.rules)
  2825360 - ETPRO TROJAN DroppingElephant MSIL/Lobac Document Stealer CnC
Beacon 1 (trojan.rules)
  2825361 - ETPRO TROJAN DroppingElephant MSIL/Lobac Document Stealer CnC
Beacon 2 (trojan.rules)
  2825362 - ETPRO TROJAN Bancos Variant CnC Beacon (trojan.rules)


 [///]     Modified active rules:     [///]

  2023612 - ET TROJAN Ransomware/Cerber Checkin M3 (1) (trojan.rules)
  2023613 - ET TROJAN Ransomware/Cerber Checkin M3 (2) (trojan.rules)
  2023614 - ET TROJAN Ransomware/Cerber Checkin M3 (3) (trojan.rules)
  2023615 - ET TROJAN Ransomware/Cerber Checkin M3 (4) (trojan.rules)
  2023616 - ET TROJAN Ransomware/Cerber Checkin M3 (5) (trojan.rules)
  2023617 - ET TROJAN Ransomware/Cerber Checkin M3 (6) (trojan.rules)
  2023618 - ET TROJAN Ransomware/Cerber Checkin M3 (7) (trojan.rules)
  2023619 - ET TROJAN Ransomware/Cerber Checkin M3 (8) (trojan.rules)
  2023620 - ET TROJAN Ransomware/Cerber Checkin M3 (9) (trojan.rules)
  2023621 - ET TROJAN Ransomware/Cerber Checkin M3 (10) (trojan.rules)
  2023622 - ET TROJAN Ransomware/Cerber Checkin M3 (11) (trojan.rules)
  2023623 - ET TROJAN Ransomware/Cerber Checkin M3 (12) (trojan.rules)
  2023624 - ET TROJAN Ransomware/Cerber Checkin M3 (13) (trojan.rules)
  2023625 - ET TROJAN Ransomware/Cerber Checkin M3 (14) (trojan.rules)
  2023626 - ET TROJAN Ransomware/Cerber Checkin M3 (15) (trojan.rules)
  2023627 - ET TROJAN Ransomware/Cerber Checkin M3 (16) (trojan.rules)
  2825179 - ETPRO TROJAN Carbanak PowerShell DNS TXT CnC Beacon 2
(trojan.rules)


 [---]         Removed rules:         [---]

  2807294 - ETPRO TROJAN Trojan/Cosmu.ldj Install (trojan.rules)
  2825333 - ETPRO TROJAN Spora Ransomware SSL Certificate Detected
(trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>