[Emerging-updates] Daily Ruleset Update Summary 2017/05/01

Travis Green tgreen at emergingthreats.net
Mon May 1 18:14:00 EDT 2017


[***]            Summary:            [***]

1 new Open, 21 new Pro (1 + 20). APT10 DNS, Jorgee Scan, Various Phishing

Thanks: Nathan Fowler, @MS_ISAC


[+++]          Added rules:          [+++]

Open:

  2024265 - ET WEB_SERVER Jorgee Scan (web_server.rules)

Pro:

  2826183 - ETPRO TROJAN APT.ChChes CnC Beacon 3 (trojan.rules)
  2826184 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (app.lehigtapp .com) (trojan.rules)
  2826185 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Page (2ymh2gnnbg6pgq2r) (trojan.rules)
  2826186 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (micronit . tw) (trojan.rules)
  2826187 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (winregion . tw) (trojan.rules)
  2826188 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (area.wthelpdesk .com) (trojan.rules)
  2826189 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (dick.ccfchrist .com) (trojan.rules)
  2826190 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (fukuoka.cloud-maste .com) (trojan.rules)
  2826191 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (inspgon.re26 .com) (trojan.rules)
  2826192 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (jepsen.r3u8 .com) (trojan.rules)
  2826193 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (flackbon . tw) (trojan.rules)
  2826194 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (jimin.jimindaddy .com) (trojan.rules)
  2826195 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (kawasaki.unhamj .com) (trojan.rules)
  2826196 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (nttdata.otzo .com) (trojan.rules)
  2826197 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (sakai.unhamj .com) (trojan.rules)
  2826198 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (scorpion.poulsenv .com) (trojan.rules)
  2826199 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (trout.belowto .com) (trojan.rules)
  2826200 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup (zebra.wthelpdesk .com) (trojan.rules)
  2826201 - ETPRO TROJAN Carbanak VBS/GGLDR v2 CnC Beacon 2 (trojan.rules)
  2826202 - ETPRO MALWARE Wizzcaster Adware/PUP Checkin M2 (malware.rules)


[///]     Modified active rules:     [///]

  2009949 - ET WEB_SERVER Tilde in URI - potential .pl source disclosure vulnerability (web_server.rules)
  2009950 - ET WEB_SERVER Tilde in URI - potential .inc source disclosure vulnerability (web_server.rules)
  2009951 - ET WEB_SERVER Tilde in URI - potential .conf source disclosure vulnerability (web_server.rules)
  2009952 - ET WEB_SERVER Tilde in URI - potential .asp source disclosure vulnerability (web_server.rules)
  2009953 - ET WEB_SERVER Tilde in URI - potential .aspx source disclosure vulnerability (web_server.rules)
  2009955 - ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability (web_server.rules)
  2010820 - ET WEB_SERVER Tilde in URI - potential .cgi source disclosure vulnerability (web_server.rules)
  2014934 - ET CURRENT_EVENTS FoxxySoftware - Landing Page (current_events.rules)
  2019714 - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile (current_events.rules)
  2023765 - ET TROJAN Betabot Checkin 5 (trojan.rules)
  2024173 - ET TROJAN Red Leaves magic packet detected (APT10 implant) (trojan.rules)
  2024174 - ET TROJAN Red Leaves magic packet response detected (APT10 implant) (trojan.rules)


[---]         Removed rules:         [---]

  2008492 - ET TROJAN Win32.Downloader.pgp Checkin (trojan.rules)
  2811710 - ETPRO WEB_SERVER Jorgee Scan (web_server.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>