[Emerging-updates] Daily Ruleset Update Summary 2017/03/13

Travis Green tgreen at emergingthreats.net
Mon Mar 13 18:35:14 EDT 2017


 [***]            Summary:            [***]

 5 new Open signatures, 16 new Pro (5 + 11). Rig updates, APT.ZeroT update, Various Phishing

Thanks: @illegalFawn

[+++]          Added rules:          [+++]

  2024045 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 (web_specific_apps.rules)
  2024046 - ET CURRENT_EVENTS Successful Paypal Phish Mar 13 2017 (current_events.rules)
  2024047 - ET CURRENT_EVENTS Successful National Bank Phish Mar 13 2017 (current_events.rules)
  2024048 - ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 (current_events.rules)
  2024049 - ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 (current_events.rules)
  2825363 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish Mar 13 2017 (current_events.rules)
  2825364 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish Mar 13 2017 (current_events.rules)
  2825365 - ETPRO TROJAN APT.ZeroT CnC Beacon Fake User-Agent (trojan.rules)
  2825366 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing Mar 13 2017 (current_events.rules)
  2825367 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Mar 13 2017 (current_events.rules)
  2825368 - ETPRO CURRENT_EVENTS Successful Instagram Phish Mar 13 2017 (current_events.rules)
  2825369 - ETPRO CURRENT_EVENTS Successful Amazon Phish Mar 13 2017 (current_events.rules)
  2825370 - ETPRO CURRENT_EVENTS Successful American Express Phish Mar 13 2017 (current_events.rules)
  2825371 - ETPRO MOBILE_MALWARE Android.Adware.Adwo.A CNC Beacon (mobile_malware.rules)
  2825372 - ETPRO MOBILE_MALWARE Android.KorBanker CnC Beacon 2 (mobile_malware.rules)
  2825373 - ETPRO MOBILE_MALWARE Android.KorBanker CnC Beacon 3 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2023476 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
  2023697 - ET CURRENT_EVENTS Successful Bradesco Bank Phish M2 Jan 05 2017 (current_events.rules)
  2023740 - ET TROJAN Possible Pony Payload DL (trojan.rules)
  2024044 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 (web_specific_apps.rules)
  2821028 - ETPRO TROJAN APT.ZeroT CnC Beacon HTTP POST (trojan.rules)
  2825339 - ETPRO TROJAN Downloader/Stengol CnC Beacon (trojan.rules)
  2825357 - ETPRO TROJAN DroppingElephant MSIL/Druixey CnC Beacon 1 (trojan.rules)


 [---]         Removed rules:         [---]


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>