[Emerging-updates] Daily Ruleset Update Summary 2017/03/27

Travis Green tgreen at emergingthreats.net
Mon Mar 27 18:45:30 EDT 2017


[***]            Summary:            [***]

4 new Open, 26 new Pro (4 + 22). Astrum EK, Python Ransomware, Various
Phishing, Various Android


 [+++]          Added rules:          [+++]

  Open:

  2024101 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish Mar 27 2017 (current_events.rules)
  2024102 - ET CURRENT_EVENTS Successful Tangerine Bank Phish M1 Mar 27 2017 (current_events.rules)
  2024103 - ET CURRENT_EVENTS Successful Tangerine Bank Phish M2 Mar 27 2017 (current_events.rules)
  2024104 - ET TROJAN ABUSE.CH Ransomware/Cerber Onion Domain Lookup - Clone (trojan.rules)

  Pro:

  2825607 - ETPRO CURRENT_EVENTS Astrum EK Infoleak Prefilter Mar 25 2017 (current_events.rules)
  2825608 - ETPRO CURRENT_EVENTS Astrum EK Infoleak Prefilter M2 25 2017 (current_events.rules)
  2825609 - ETPRO TROJAN Possible Apple Phishing SNI (trojan.rules)
  2825610 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
  2825611 - ETPRO CURRENT_EVENTS Adobe Online Document Phishing Landing Mar 25 M1 (current_events.rules)
  2825612 - ETPRO MALWARE Win32/Adware.Kraddare.MB Dropping PUP (malware.rules)
  2825613 - ETPRO TROJAN MSIL/Unk.PWS Reporting Infection via SMTP (trojan.rules)
  2825614 - ETPRO CURRENT_EVENTS Successful Apple Phish Mar 27 2017 (current_events.rules)
  2825615 - ETPRO TROJAN DNS Query to TorrentLocker Domain (flackbon . tw) (trojan.rules)
  2825616 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.ay CnC Beacon (mobile_malware.rules)
  2825617 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.aw Checkin 2 (mobile_malware.rules)
  2825618 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.aw Checkin 3 (mobile_malware.rules)
  2825619 - ETPRO TROJAN Undefined Python Ransomware CnC Checkin (trojan.rules)
  2825620 - ETPRO TROJAN Undefined Python Ransomware CnC Activity (trojan.rules)
  2825621 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bz Checkin (mobile_malware.rules)
  2825622 - ETPRO WEB_SERVER JexBoss Common URI struct Observed 3 (INBOUND) (web_server.rules)
  2825623 - ETPRO WEB_SERVER JexBoss Common URI struct Observed 4 (INBOUND) (web_server.rules)
  2825624 - ETPRO WEB_SERVER Successful WebShell Access (web_server.rules)
  2825625 - ETPRO TROJAN Undefined Python Ransomware CnC Activity M2 (trojan.rules)
  2825626 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.aw Checkin 4 (mobile_malware.rules)
  2825627 - ETPRO TROJAN Undefined Python Ransomware CnC Activity (trojan.rules)
  2825628 - ETPRO TROJAN DNS Query to TorrentLocker Domain (ifixidea . com) (trojan.rules)


 [///]     Modified active rules:     [///]

  2810934 - ETPRO TROJAN Win32.Metfok Downloader CnC Beacon (trojan.rules)
  2821474 - ETPRO MOBILE_MALWARE Android/Secapk.F Checkin 4 (mobile_malware.rules)
  2825326 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontmain . pl) (trojan.rules)
  2825327 - ETPRO TROJAN DNS Query to TorrentLocker Domain (joygo . pl) (trojan.rules)
  2825328 - ETPRO TROJAN DNS Query to TorrentLocker Domain (questpul . pl) (trojan.rules)
  2825329 - ETPRO TROJAN DNS Query to TorrentLocker Domain (homewind . pl) (trojan.rules)
  2825581 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.aw Checkin (mobile_malware.rules)
  2825599 - ETPRO TROJAN DNS Query to TorrentLocker Domain (hoptrop . pl) (trojan.rules)
  2825600 - ETPRO TROJAN DNS Query to TorrentLocker Domain (mailteam . pl) (trojan.rules)
  2825601 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontymen . pl) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>