[Emerging-updates] Daily Ruleset Update Summary 2017/03/21

Travis Green tgreen at emergingthreats.net
Tue Mar 21 18:20:58 EDT 2017


[***]            Summary:            [***]

 1 new Open signature, 27 new Pro (1 + 26). Various Phishing, Various Android

 Thanks: @malwrhunterteam, Jeff H


[+++]          Added rules:          [+++]

Open:

 2024098 - ET CURRENT_EVENTS Windows Settings Phishing Landing Jul 22 (current_events.rules)

Pro:

 2825526 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS Mar 17 2017 (current_events.rules)
 2825527 - ETPRO TROJAN Hiloti Checkin (trojan.rules)
 2825528 - ETPRO CURRENT_EVENTS Successful Gmail Phish M1 Mar 20 2017 (current_events.rules)
 2825529 - ETPRO CURRENT_EVENTS Successful Gmail Phish M2 Mar 20 2017 (current_events.rules)
 2825530 - ETPRO CURRENT_EVENTS Successful Gmail Phish M3 Mar 20 2017 (current_events.rules)
 2825531 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Wahom.a CnC Beacon (mobile_malware.rules)
 2825532 - ETPRO CURRENT_EVENTS Successful VBV Phish Mar 20 2017 (current_events.rules)
 2825533 - ETPRO CURRENT_EVENTS Successful Steam Phish Mar 20 2017 (current_events.rules)
 2825534 - ETPRO CURRENT_EVENTS Successful Discover Phish Mar 20 2017 (current_events.rules)
 2825535 - ETPRO CURRENT_EVENTS Successful Microsoft Verify Email Phish Mar 20 2017 (current_events.rules)
 2825536 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
 2825537 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
 2825538 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
 2825539 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
 2825540 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
 2825541 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
 2825542 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ol Checkin (mobile_malware.rules)
 2825543 - ETPRO TROJAN MSIL/LLTP Locker Ransomware CnC Activity (trojan.rules)
 2825544 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bh Checkin (mobile_malware.rules)
 2825545 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bh Checkin 2 (mobile_malware.rules)
 2825546 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.jb CnC Beacon (mobile_malware.rules)
 2825547 - ETPRO TROJAN DustySky SSL Certificate Detected (trojan.rules)
 2825548 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.v Checkin (mobile_malware.rules)
 2825549 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.v Checkin 2 (mobile_malware.rules)
 2825550 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (space .support-reg.space) (trojan.rules)
 2825551 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (news . net-freaks.com) (trojan.rules)


[///]     Modified active rules:     [///]

 2011338 - ET TROJAN Sality Variant Downloader Activity (3) (trojan.rules)
 2013942 - ET WEB_SERVER Weevely PHP backdoor detected (python_eval() function used) (web_server.rules)
 2013943 - ET WEB_SERVER Weevely PHP backdoor detected (pcntl_exec() function used) (web_server.rules)
 2023748 - ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016 M4 (current_events.rules)
 2024096 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1 (web_specific_apps.rules)
 2811967 - ETPRO TROJAN ReactorBot CnC Beacon (trojan.rules)
 2819864 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Batmob.b Checkin (mobile_malware.rules)
 2821725 - ETPRO TROJAN Win32/Agent.WTE HTTP CnC Beacon (trojan.rules)
 2824934 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M2 (CVE-2017-2984) (web_client.rules)
 2824935 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M3 (CVE-2017-2984) (web_client.rules)
 2825131 - ETPRO POLICY PUP/MiPony HTTP Request (policy.rules)
 2825511 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bd Checkin (mobile_malware.rules)


[---]         Removed rules:         [---]

 2021918 - ET TROJAN DustySky Checkin (trojan.rules)
 2024094 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1 (web_specific_apps.rules)
 2024095 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M2 (web_specific_apps.rules)
 2024097 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M2 (web_specific_apps.rules)
 2815336 - ETPRO TROJAN Unknown CnC Upload (trojan.rules)
 2821335 - ETPRO CURRENT_EVENTS Windows Settings Phishing Landing Jul 22 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>