[Emerging-updates] Daily Ruleset Update Summary 2017/05/03

Travis Green tgreen at emergingthreats.net
Wed May 3 20:51:26 EDT 2017


[***]            Summary:            [***]

4 new Open, 33 new Pro (4 + 29). Casper/LEAD DNS Lookup, KONNI, Google App Oauth Phish, Various Mobile
Thanks: @_k4b00m_, MS-ISAC (@CISecurity)

[+++]          Added rules:          [+++]

 Open:

  2024266 - ET CURRENT_EVENTS Successful Google App Oauth Phish M1 Mar 3 2017 (current_events.rules)
  2024267 - ET CURRENT_EVENTS Successful Google App Oauth Phish M2 Mar 3 2017 (current_events.rules)
  2024268 - ET CURRENT_EVENTS Successful Google App Oauth Phish M3 Mar 3 2017 (current_events.rules)
  2024269 - ET CURRENT_EVENTS Successful Google App Oauth Phish M4 Mar 3 2017 (current_events.rules)

 Pro:

  2826215 - ETPRO TROJAN Win32/TrojanDownloader.Delf.BQI Checkin (trojan.rules)
  2826216 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826217 - ETPRO TROJAN MSIL/Hidden-Tear Variant Ransomware (Lockify) CnC Checkin (trojan.rules)
  2826218 - ETPRO TROJAN MSIL/Hidden-Tear Variant CnC Checkin (trojan.rules)
  2826219 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826220 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826221 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826222 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826223 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826224 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826225 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826226 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826227 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826228 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826229 - ETPRO TROJAN Possible TorrentLocker Connectivity Check 1 (trojan.rules)
  2826230 - ETPRO TROJAN Possible TorrentLocker Connectivity Check 2 (trojan.rules)
  2826231 - ETPRO TROJAN Possible TorrentLocker Connectivity Check 3 (trojan.rules)
  2826232 - ETPRO TROJAN Unknown Stealer Checkin 2 (trojan.rules)
  2826233 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 2 (mobile_malware.rules)
  2826234 - ETPRO POLICY Known Vulnerable Intel AMT Version Detected Outbound (policy.rules)
  2826235 - ETPRO SCAN Possible Intel AMT Login Attempt Detected (scan.rules)
  2826236 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey Contact Exfil via SMTP (mobile_malware.rules)
  2826237 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP (mobile_malware.rules)
  2826238 - ETPRO MALWARE MSIL/PipOffers Adware/PUP Activity (malware.rules)
  2826239 - ETPRO MALWARE Observed Adware/PUP User-Agent (OfferCast) (malware.rules)
  2826240 - ETPRO TROJAN KONNI Checkin (trojan.rules)
  2826241 - ETPRO TROJAN KONNI Retrieving Payload (trojan.rules)
  2826242 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 5 (mobile_malware.rules)
  2826243 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 6 (mobile_malware.rules)


[///]     Modified active rules:     [///]

  Addition of "former_category" metadata modified > 2000 rules. Full list here:
https://rules.emergingthreats.net/changelogs/suricata-1.3-enhanced.etpro.2017-05-03T21:19:44.txt


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>