[Emerging-updates] Daily Ruleset Update Summary 2017/03/20

Travis Green tgreen at emergingthreats.net
Mon Mar 20 20:36:36 EDT 2017


[***]            Summary:            [***]

 4 new Open signatures, 22 new Pro (4 + 18). Struts2 Vuln, Snow RAT,
Various Phishing, Various Android


[+++]          Added rules:          [+++]

Open:

  2024094 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression
Injection (CVE-2017-5638) (Content-Length) M1 (web_specific_apps.rules)
  2024095 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression
Injection (CVE-2017-5638) (Content-Length) M2 (web_specific_apps.rules)
  2024096 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression
Injection (CVE-2017-5638) (Content-Disposition) M1 (web_specific_apps.rules)
  2024097 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression
Injection (CVE-2017-5638) (Content-Disposition) M2 (web_specific_apps.rules)

Pro:

  2825506 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Payload Mar 19 2017
(current_events.rules)
  2825507 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi ISFB/Dreambot)
(trojan.rules)
  2825508 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.e CnC Beacon
(mobile_malware.rules)
  2825509 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.e CnC Beacon 2
(mobile_malware.rules)
  2825510 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.e CnC Beacon 3
(mobile_malware.rules)
  2825511 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bd Checkin
(mobile_malware.rules)
  2825512 - ETPRO TROJAN Ursnif Module Download (trojan.rules)
  2825513 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bz CnC Beacon
(mobile_malware.rules)
  2825514 - ETPRO MOBILE_MALWARE Android.Trojan.Triada.J Checkin
(mobile_malware.rules)
  2825515 - ETPRO TROJAN MSIL/Snow RAT CnC (Update) (trojan.rules)
  2825516 - ETPRO TROJAN MSIL/Snow RAT CnC (ID) (trojan.rules)
  2825517 - ETPRO TROJAN MSIL/Snow RAT CnC (LS) (trojan.rules)
  2825520 - ETPRO TROJAN MSIL/TrojanDownloader.Agent.PLJ Download
(trojan.rules)
  2825521 - ETPRO TROJAN Win32/TrojanDownloader.Perkesh.J CnC Beacon
(trojan.rules)
  2825522 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SO Checkin
(mobile_malware.rules)
  2825523 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SO Checkin 2
(mobile_malware.rules)
  2825524 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SO Checkin 3
(mobile_malware.rules)
  2825525 - ETPRO MOBILE_MALWARE Android.Trojan.Triada.J Checkin 2
(mobile_malware.rules)


[///]     Modified active rules:     [///]

  2016932 - ET TROJAN Spy/Infostealer.Win32.Embed.A Client Traffic
(trojan.rules)
  2821479 - ETPRO MOBILE_MALWARE Android/Agent.YF Checkin
(mobile_malware.rules)
  2824449 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Flash Exploit Jan 17
(current_events.rules)
  2825458 - ETPRO TROJAN Banload Variant Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>