[Emerging-updates] Daily Ruleset Update Summary 2017/03/17

Francis Trudeau ftrudeau at emergingthreats.net
Fri Mar 17 17:44:10 EDT 2017


 [***] Summary: [***]

 2 new Open signatures, 22 new Pro (2 + 20).  VARIOUS PHISHING, Hidden
Tear, Sage, Cerber.

 Thanks:  Jeff H, @jonny55555 & Kevin Ross.

 [+++]          Added rules:          [+++]

 Open:

  2024092 - ET CURRENT_EVENTS Evil Redirector Leading to EK March 15 2017
(current_events.rules)
  2024093 - ET CURRENT_EVENTS Evil Redirector Leading to EK March 15 2017
M2 (current_events.rules)

 Pro:

  2825485 - ETPRO CURRENT_EVENTS Microsoft Live Email Account Phishing
Landing Mar 16 2017 (current_events.rules)
  2825486 - ETPRO CURRENT_EVENTS Successful Google Drive / Dropbox Phish M1
Mar 17 2017 (current_events.rules)
  2825487 - ETPRO CURRENT_EVENTS Successful Google Drive / Dropbox Phish M2
Mar 17 2017 (current_events.rules)
  2825488 - ETPRO CURRENT_EVENTS Successful Excel Phish Mar 16 2017
(current_events.rules)
  2825489 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish Mar 17
2017 (current_events.rules)
  2825490 - ETPRO CURRENT_EVENTS Surveybrother Webmail Upgrade Phishing
Landing Mar 17 2017 (current_events.rules)
  2825491 - ETPRO CURRENT_EVENTS My Verizon Phishing Landing Mar 17 2017
(current_events.rules)
  2825492 - ETPRO CURRENT_EVENTS Successful Verizon Phish Mar 17 2017
(current_events.rules)
  2825493 - ETPRO CURRENT_EVENTS Successful Match.com Mobile Phish Mar 17
2017 (current_events.rules)
  2825494 - ETPRO TROJAN Hidden Tear .onion Proxy Domain (trojan.rules)
  2825495 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-17 1) (trojan.rules)
  2825496 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-17 2) (trojan.rules)
  2825497 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-17 3) (trojan.rules)
  2825498 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-17 4) (trojan.rules)
  2825499 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-17 5) (trojan.rules)
  2825500 - ETPRO TROJAN DNS Query to Sage Domain (jktew0 . com)
(trojan.rules)
  2825501 - ETPRO TROJAN DNS Query to Sage Domain (jpo2z1 . net)
(trojan.rules)
  2825502 - ETPRO TROJAN DNS Query to Cerber Domain (16bwhs . top)
(trojan.rules)
  2825503 - ETPRO TROJAN DNS Query to Cerber Domain (1ajohk . top)
(trojan.rules)
  2825504 - ETPRO TROJAN DNS Query to Cerber Domain (1apkjn . top)
(trojan.rules)


 [///]     Modified active rules:     [///]

  2022566 - ET CURRENT_EVENTS Possible Malicious Macro EXE DL AlphaNumL
(current_events.rules)
  2023638 - ET CURRENT_EVENTS Common Phishing Redirect Dec 13 2016
(current_events.rules)
  2024035 - ET TROJAN WS/JS Downloader Mar 07 2017 M1 (trojan.rules)
  2024036 - ET TROJAN WS/JS Downloader Mar 07 2017 M2 (trojan.rules)
  2024056 - ET TROJAN Win32/CryptFile2 / Revenge Ransomware Checkin M3
(trojan.rules)
  2821163 - ETPRO CURRENT_EVENTS Successful Docusign/O365 Phish Jul 15
(current_events.rules)


 [---]         Removed rules:         [---]

  2822403 - ETPRO CURRENT_EVENTS Successful Yadkin Bank Phish Oct 04 2016
(current_events.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20170317/10b00f87/attachment.html>


More information about the Emerging-updates mailing list