[Emerging-updates] Daily Ruleset Update Summary 2017/03/31

Travis Green tgreen at emergingthreats.net
Fri Mar 31 18:29:09 EDT 2017


[***]            Summary:            [***]

44 new Open, 51 new Pro (44 + 7). Let's Encrypt Certs, Decimal Redirect,
CopyKitten, Various Phishing, Various Android

Thanks: Kevin Ross


[+++]          Added rules:          [+++]

Open:

 2024123 - ET MOBILE_MALWARE Android.C2P.Qd!c Ransomware CnC Beacon (mobile_malware.rules)
 2024124 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M1 (current_events.rules)
 2024125 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M2 (current_events.rules)
 2024126 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M3 (current_events.rules)
 2024127 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M4 (current_events.rules)
 2024128 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M5 (current_events.rules)
 2024129 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M6 (current_events.rules)
 2024130 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M7 (current_events.rules)
 2024131 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M8 (current_events.rules)
 2024132 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M9 (current_events.rules)
 2024133 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M1 (current_events.rules)
 2024134 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M2 (current_events.rules)
 2024135 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M3 (current_events.rules)
 2024136 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M4 (current_events.rules)
 2024137 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M5 (current_events.rules)
 2024138 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M6 (current_events.rules)
 2024139 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M7 (current_events.rules)
 2024140 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M8 (current_events.rules)
 2024141 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M9 (current_events.rules)
 2024142 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M10 (current_events.rules)
 2024143 - ET TROJAN Possible CopyKitten DNS Lookup (1e100 .tech) (trojan.rules)
 2024144 - ET TROJAN Possible CopyKitten DNS Lookup (1m100 .tech) (trojan.rules)
 2024145 - ET TROJAN Possible CopyKitten DNS Lookup (ads-youtube .online) (trojan.rules)
 2024146 - ET TROJAN Possible CopyKitten DNS Lookup (akamaitechnology .com) (trojan.rules)
 2024147 - ET TROJAN Possible CopyKitten DNS Lookup (alkamaihd .net) (trojan.rules)
 2024148 - ET TROJAN Possible CopyKitten DNS Lookup (azurewebsites .tech) (trojan.rules)
 2024149 - ET TROJAN Possible CopyKitten DNS Lookup (broadcast-microsoft .tech) (trojan.rules)
 2024150 - ET TROJAN Possible CopyKitten DNS Lookup (chromeupdates .online) (trojan.rules)
 2024151 - ET TROJAN Possible CopyKitten DNS Lookup (cloudmicrosoft .net) (trojan.rules)
 2024152 - ET TROJAN Possible CopyKitten DNS Lookup (dnsserv .host) (trojan.rules)
 2024153 - ET TROJAN Possible CopyKitten DNS Lookup (elasticbeanstalk .tech) (trojan.rules)
 2024154 - ET TROJAN Possible CopyKitten DNS Lookup (fdgdsg .xyz) (trojan.rules)
 2024155 - ET TROJAN Possible CopyKitten DNS Lookup (jguery .net) (trojan.rules)
 2024156 - ET TROJAN Possible CopyKitten DNS Lookup (jguery .online) (trojan.rules)
 2024157 - ET TROJAN Possible CopyKitten DNS Lookup (microsoft-ds .com) (trojan.rules)
 2024158 - ET TROJAN Possible CopyKitten DNS Lookup (microsoft-security .host) (trojan.rules)
 2024159 - ET TROJAN Possible CopyKitten DNS Lookup (nameserver .win) (trojan.rules)
 2024160 - ET TROJAN Possible CopyKitten DNS Lookup (newsfeeds-microsoft .press) (trojan.rules)
 2024161 - ET TROJAN Possible CopyKitten DNS Lookup (owa-microsoft .online) (trojan.rules)
 2024162 - ET TROJAN Possible CopyKitten DNS Lookup (primeminister-goverment-techcenter .tech) (trojan.rules)
 2024163 - ET TROJAN Possible CopyKitten DNS Lookup (qoldenlines .net) (trojan.rules)
 2024164 - ET TROJAN Possible CopyKitten DNS Lookup (sharepoint-microsoft .co) (trojan.rules)
 2024165 - ET TROJAN Possible CopyKitten DNS Lookup (ssl-gstatic .online) (trojan.rules)
 2024166 - ET TROJAN Possible CopyKitten DNS Lookup (trendmicro .tech) (trojan.rules)

Pro:

 2825692 - ETPRO CURRENT_EVENTS Successful Tmobile (DE) Phish Mar 31 2017 (current_events.rules)
 2825693 - ETPRO CURRENT_EVENTS Successful Paypal Phish (IT) Mar 31 2017 (current_events.rules)
 2825694 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Mar 31 2017 (current_events.rules)
 2825695 - ETPRO CURRENT_EVENTS Successful Blizzard Phish Mar 31 2017 (current_events.rules)
 2825696 - ETPRO TROJAN W32/Unknown Coinminer Module DL (trojan.rules)
 2825697 - ETPRO CURRENT_EVENTS Successful Caf.fr Phish Mar 31 2017 (current_events.rules)
 2825698 - ETPRO TROJAN MSIL/Downloader Downloading NetwireRAT (trojan.rules)


[///]     Modified active rules:     [///]

 2024121 - ET EXPLOIT NETGEAR WNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174) (exploit.rules)
 2807086 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Obad.a Checkin 2 (mobile_malware.rules)
 2808271 - ETPRO TROJAN BackDoor.Yebot Checkin (trojan.rules)
 2820838 - ETPRO MOBILE_MALWARE ANDROIDOS_ROOTNIK.CBTCT / Godless Checkin (mobile_malware.rules)
 2825618 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.aw Checkin 3 (mobile_malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>