[Emerging-updates] Daily Ruleset Update Summary 2017/03/28

Travis Green tgreen at emergingthreats.net
Tue Mar 28 17:45:32 EDT 2017


[***]            Summary:            [***]

3 new Open, 30 new Pro (3 + 27). Theresa Ransomware, CVE-2017-7269, Various
Phishing, Various Android
Thanks: @jonny55555


[+++]          Added rules:          [+++]

Open:

 2024105 - ET POLICY Win32/Teslacrypt Ransomware .onion domain (2kjb7.net)
(policy.rules)
 2024106 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain
(7tno4hib47vlep5o) (trojan.rules)
 2024107 - ET WEB_SERVER Microsoft IIS Remote Code Execution
(CVE-2017-7269) (web_server.rules)

Pro:

 2825629 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Mar 27 2017
(current_events.rules)
 2825630 - ETPRO CURRENT_EVENTS RBC Royal Bank Phishing Landing Mar 27 2017
(current_events.rules)
 2825631 - ETPRO TROJAN HAKOPS Keylogger SMTP Infection Report
(trojan.rules)
 2825632 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Mar 27 2017
(current_events.rules)
 2825633 - ETPRO MOBILE_MALWARE PUP Android/Cooee.B Checkin
(mobile_malware.rules)
 2825634 - ETPRO MOBILE_MALWARE PUP Android/Cooee.B Checkin 2
(mobile_malware.rules)
 2825635 - ETPRO MOBILE_MALWARE Android.Trojan.Fotemain.B CnC Beacon
(mobile_malware.rules)
 2825636 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.g SMS Exfil
(mobile_malware.rules)
 2825641 - ETPRO MOBILE_MALWARE Android/SmForw.J CnC Beacon
(mobile_malware.rules)
 2825642 - ETPRO MOBILE_MALWARE Android/SmForw.J Contact Exfil
(mobile_malware.rules)
 2825643 - ETPRO MOBILE_MALWARE Android.Riskware.SMSSend.B Checkin
(mobile_malware.rules)
 2825644 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Mar 28 2017
(current_events.rules)
 2825645 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing Mar
28 2017 (current_events.rules)
 2825646 - ETPRO TROJAN Theresa Ransomware Initial CnC Checkin
(trojan.rules)
 2825647 - ETPRO TROJAN Theresa Ransomware Initial CnC Checkin Response
(trojan.rules)
 2825648 - ETPRO TROJAN Theresa Ransomware CnC File Encryption Status
(trojan.rules)
 2825649 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.fi)
(policy.rules)
 2825650 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain - Clone (trojan.rules)
 2825651 - ETPRO TROJAN Win32/Remcos RAT Checkin 3 (trojan.rules)
 2825652 - ETPRO POLICY External IP Lookup ipapi.co (policy.rules)
 2825653 - ETPRO POLICY External IP Lookup ipof.in (policy.rules)
 2825654 - ETPRO TROJAN MSIL/Unknown CnC Checkin via MSSQL 1 (trojan.rules)
 2825655 - ETPRO TROJAN MSIL/Unknown CnC Checkin via MSSQL 2 (trojan.rules)
 2825656 - ETPRO TROJAN W32.Gotrat.de Checkin 2 (trojan.rules)
 2825657 - ETPRO TROJAN W32.Gotrat.de Checkin (trojan.rules)
 2825658 - ETPRO TROJAN Unknown KeyLogger CnC Checkin (trojan.rules)
 2825659 - ETPRO TROJAN Unknown KeyLogger CnC Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2001891 - ET USER_AGENTS Suspicious User Agent (agent) (user_agents.rules)
 2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake
(Mozilla/4.0) (malware.rules)
 2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
 2018876 - ET POLICY DNS Query to .onion proxy Domain (onion.cab)
(policy.rules)
 2020839 - ET POLICY Win32/Teslacrypt Ransomware .onion domain
(63ghdye17.com) (policy.rules)
 2020844 - ET POLICY Win32/Teslacrypt Ransomware .onion domain
(7hwr34n18.com) (policy.rules)
 2020869 - ET POLICY Win32/Teslacrypt Ransomware .onion domain
(wh47f2as19.com) (policy.rules)
 2021293 - ET CURRENT_EVENTS KaiXin Secondary Landing Page
(current_events.rules)
 2807390 - ETPRO TROJAN Trojan.Dimnie Checkin 2 (trojan.rules)
 2807391 - ETPRO TROJAN Trojan.Dimnie Checkin (trojan.rules)
 2824134 - ETPRO CURRENT_EVENTS Successful Generic Phish (Meta HTTP-Equiv
Refresh) Dec 29 2016 (current_events.rules)
 2825226 - ETPRO TROJAN Helminth/Oilrig CnC Beacon 2 (trojan.rules)


[---]         Removed rules:         [---]

 2809702 - ETPRO TROJAN Win32/Teslacrypt Ransomware .onion domain
(7tno4hib47vlep5o) (trojan.rules)
 2809867 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb7.net)
(policy.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>
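As an added example, not part of the original mailing-list post: a small Python parser for this daily-summary format, so the added/modified/removed SIDs can be tracked in a ticket or ruleset pipeline instead of being read by hand. It copes with the archive's line wrapping (a rule name continued on the next line, including a bare "(" at the end of a line) and with stray double spaces, and it pairs removed ETPRO rules with Open replacements, which is what happened to the two Teslacrypt .onion rules in this update (2809702 replaced by 2024106, 2809867 by 2024105). The sample text is a constructed excerpt of this message; the pairing heuristic (same category and same trailing parenthesised indicator) and the ET = Open / ETPRO = Pro tier mapping are my assumptions, not an Emerging Threats API.

```python
"""Parse an Emerging Threats daily ruleset update summary into structured
rule entries and pair removed ETPRO rules with Open (ET) replacements."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the layout of the 2017/03/28 summary, reproducing the
# list archive's wrapping (continuation lines, a bare "(" at a line end).
SAMPLE = """\
[+++]          Added rules:          [+++]

Open:

 2024105 - ET POLICY Win32/Teslacrypt Ransomware .onion domain (2kjb7.net)
(policy.rules)
 2024106 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain
(7tno4hib47vlep5o) (trojan.rules)

Pro:

 2825649 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.fi)
(policy.rules)

[///]     Modified active rules:     [///]

 2018876 - ET POLICY  DNS Query to .onion proxy Domain (onion.cab)
(policy.rules)
 2020839 - ET POLICY Win32/Teslacrypt Ransomware .onion domain (
63ghdye17.com) (policy.rules)

[---]         Removed rules:         [---]

 2809702 - ETPRO TROJAN Win32/Teslacrypt Ransomware .onion domain
(7tno4hib47vlep5o) (trojan.rules)
 2809867 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb7.net)
(policy.rules)
"""

SECTIONS = {"[+++]": "added", "[///]": "modified", "[---]": "removed"}
ENTRY_RE = re.compile(r"^\s*(\d{7}) - (ET|ETPRO) (\S+) (.*)$")
RULES_FILE_RE = re.compile(r"\s*\((\S+\.rules)\)\s*$")
INDICATOR_RE = re.compile(r"\(([^()]+)\)\s*$")


@dataclass
class RuleEntry:
    sid: int
    section: str     # added / modified / removed
    tier: str        # "Open" (ET prefix) or "Pro" (ETPRO prefix); assumed mapping
    category: str    # POLICY, TROJAN, CURRENT_EVENTS, ...
    msg: str         # rule message after the "ET <CATEGORY>" prefix
    rules_file: str  # e.g. policy.rules

    @property
    def indicator(self) -> Optional[str]:
        """Trailing parenthesised token (domain, .onion name, CVE id), if any."""
        m = INDICATOR_RE.search(self.msg)
        return m.group(1) if m else None


def _build(sid, prefix, category, body, section, tier) -> RuleEntry:
    body = re.sub(r"\(\s+", "(", body)           # rejoin "( \n63ghdye17.com)"
    body = re.sub(r"\s{2,}", " ", body).strip()  # collapse stray double spaces
    m = RULES_FILE_RE.search(body)
    rules_file = m.group(1) if m else ""
    msg = body[: m.start()].rstrip() if m else body
    if tier is None:  # section without Open:/Pro: sub-headings: derive from prefix
        tier = "Pro" if prefix == "ETPRO" else "Open"
    return RuleEntry(int(sid), section, tier, category, msg, rules_file)


def parse_summary(text: str) -> List[RuleEntry]:
    entries: List[RuleEntry] = []
    section: Optional[str] = None
    tier: Optional[str] = None
    pending: Optional[list] = None  # [sid, prefix, category, accumulated body]

    def flush() -> None:
        nonlocal pending
        if pending is not None:
            entries.append(_build(*pending, section=section, tier=tier))
        pending = None

    for line in text.splitlines():
        stripped = line.strip()
        if stripped[:5] in SECTIONS:          # "[+++]", "[///]", "[---]" headings
            flush()
            section, tier = SECTIONS[stripped[:5]], None
        elif stripped in ("Open:", "Pro:"):
            flush()
            tier = stripped[:-1]
        elif (m := ENTRY_RE.match(line)) and section is not None:
            flush()
            pending = list(m.groups())
        elif pending is not None and stripped:  # wrapped continuation line
            pending[3] += " " + stripped
        elif not stripped:
            flush()
    flush()
    return entries


def pro_to_open_moves(entries: List[RuleEntry]) -> List[Tuple[int, int]]:
    """Pair each removed Pro rule with an added Open rule of the same category
    and the same indicator (assumed heuristic for 'promoted to the Open set')."""
    added_open = [e for e in entries if e.section == "added" and e.tier == "Open"]
    moves: List[Tuple[int, int]] = []
    for old in entries:
        if old.section == "removed" and old.tier == "Pro" and old.indicator:
            for new in added_open:
                if new.category == old.category and new.indicator == old.indicator:
                    moves.append((old.sid, new.sid))
    return moves


def summary_counts(entries: List[RuleEntry]) -> Dict[str, int]:
    """Counts to cross-check against the 'N new Open, M new Pro' summary line."""
    counts = {"added_open": 0, "added_pro": 0, "modified": 0, "removed": 0}
    for e in entries:
        counts[f"added_{e.tier.lower()}" if e.section == "added" else e.section] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    for e in parsed:
        print(f"{e.section:8} {e.tier:4} {e.sid} {e.category:7} {e.msg} [{e.rules_file}]")
    print(summary_counts(parsed), "Pro -> Open moves:", pro_to_open_moves(parsed))
```

Feed the whole message body (not just the excerpt) to `parse_summary` and `summary_counts` should agree with the "3 new Open, 30 new Pro (3 + 27)" line; a mismatch usually means a wrapped entry the regex did not rejoin, which is worth checking before trusting the SID list downstream.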