[Emerging-updates] Daily Ruleset Update Summary 2017/03/22

Travis Green tgreen at emergingthreats.net
Wed Mar 22 18:12:13 EDT 2017


[***]            Summary:            [***]

2 new Open signatures, 19 new Pro (2 + 17). Spy.Banker.ACUT, Various
Phishing, Various Android

Thanks: @JAMESWT_MHT


[+++]          Added rules:          [+++]

Open:

2024099 - ET TROJAN Win32/Spy.Banker.ACUT CnC Checkin (trojan.rules)
2024100 - ET CURRENT_EVENTS Successful Paypal Phish Mar 22 2017 (current_events.rules)

Pro:

2825552 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Mar 22 2017 (current_events.rules)
2825553 - ETPRO CURRENT_EVENTS Successful Facebook Phish Mar 22 2017 (current_events.rules)
2825554 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish Mar 22 2017 (current_events.rules)
2825555 - ETPRO CURRENT_EVENTS Successful Gmail Phish Mar 22 2017 (current_events.rules)
2825556 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Mar 22 2017 (current_events.rules)
2825557 - ETPRO TROJAN Gozi/Ursnif/Papras Connectivity Check (php.net) (trojan.rules)
2825558 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
2825559 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi ISFB/Dreambot) (trojan.rules)
2825560 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825561 - ETPRO TROJAN Possible Gozi ISFB/Dreambot DGA Domain in SNI (trojan.rules)
2825562 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (ll) (trojan.rules)
2825563 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) (trojan.rules)
2825564 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) (trojan.rules)
2825565 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity Sending Screenshot (CAP) (trojan.rules)
2825566 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (CAP) (trojan.rules)
2825567 - ETPRO TROJAN Possible Panda Banker DGA Lets Encrypt SSL Cert (trojan.rules)
2825568 - ETPRO TROJAN Powershell Downloader Domain in SNI (trojan.rules)


[///]     Modified active rules:     [///]

2018789 - ET POLICY TLS possible TOR SSL traffic (policy.rules)
2024096 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1 (web_specific_apps.rules)
2815245 - ETPRO CURRENT_EVENTS Successful Paypal Phish Dec 8 M1 (current_events.rules)
2821693 - ETPRO TROJAN W32/Ramnit Initial CnC Connection (trojan.rules)
2825353 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)


[---]         Removed rules:         [---]

2012300 - ET TROJAN Win32.Banker.AAD CnC Communication (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>