[Emerging-updates] Daily Ruleset Update Summary 2017/05/05

Travis Green tgreen at emergingthreats.net
Fri May 5 17:03:47 EDT 2017


[***]            Summary:            [***]

3 new Open, 31 new Pro (3 + 28). Wordpress Host Header Injection, APT28
XAgent, IsmDoor DNS C2, Various Mobile.
Thanks: MS-ISAC (@CISecurity)

[+++]          Added rules:          [+++]

Open:

 2024277 - ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M1 (web_specific_apps.rules)
 2024278 - ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M2 (web_specific_apps.rules)
 2024279 - ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M3 (web_specific_apps.rules)

Pro:

 2826254 - ETPRO TROJAN Custom Cobalt Strike Beacon UA (trojan.rules)
 2826255 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.pac CnC Beacon (mobile_malware.rules)
 2826256 - ETPRO TROJAN Unknown Targeted PowerShell Retrieving Payload (trojan.rules)
 2826257 - ETPRO TROJAN Unknown Targeted PowerShell CnC Beacon (trojan.rules)
 2826258 - ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . net) (trojan.rules)
 2826259 - ETPRO TROJAN Likely APT28 XAgent or Uploader DNS Lookup (trojan.rules)
 2826260 - ETPRO TROJAN DNS Query to Cerber Domain (1khwro . top) (trojan.rules)
 2826261 - ETPRO TROJAN DNS Query to Cerber Domain (1pbfky . top) (trojan.rules)
 2826262 - ETPRO TROJAN DNS Query to Cerber Domain (17gvad . top) (trojan.rules)
 2826263 - ETPRO TROJAN DNS Query to Cerber Domain (19xvyd . top) (trojan.rules)
 2826264 - ETPRO TROJAN DNS Query to Cerber Domain (15e8hv . top) (trojan.rules)
 2826265 - ETPRO TROJAN DNS Query to Cerber Domain (1gvyo8 . top) (trojan.rules)
 2826266 - ETPRO TROJAN DNS Query to Cerber Domain (1jzmjr . top) (trojan.rules)
 2826267 - ETPRO TROJAN DNS Query to Cerber Domain (13bcem . top) (trojan.rules)
 2826268 - ETPRO TROJAN DNS Query to Cerber Domain (1fzjn3 . top) (trojan.rules)
 2826269 - ETPRO TROJAN DNS Query to Cerber Domain (12hxjv . top) (trojan.rules)
 2826270 - ETPRO TROJAN DNS Query to Cerber Domain (1wmvk2 . top) (trojan.rules)
 2826271 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
 2826272 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
 2826273 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
 2826274 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
 2826275 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
 2826276 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
 2826277 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Reporting via SMTP 3 (mobile_malware.rules)
 2826278 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Reporting via SMTP 4 (mobile_malware.rules)
 2826279 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
 2826280 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.EQ SMS Exfil via SMTP (mobile_malware.rules)
 2826281 - ETPRO TROJAN IsmDoor DNS C2 Initial Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2808944 - ETPRO TROJAN Win32/Comame Checkin (trojan.rules)
 2810654 - ETPRO POLICY Possibly Suspicious example.com SSL Cert (policy.rules)
 2824781 - ETPRO TROJAN Win32/Necurs Checkin 3 (trojan.rules)
 2825135 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac SMS Exfil via SMTP (mobile_malware.rules)
 2825226 - ETPRO TROJAN Helminth/Oilrig CnC Beacon 2 (trojan.rules)


[---]         Removed rules:         [---]

 2826212 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 5 (mobile_malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>
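Added example (not part of the Emerging Threats post, and not ET's rule content): the digest above publishes the Sage and Cerber C2 domains in defanged form ("1khwro . top") inside the rule titles. The script below pulls those titles out, refangs the domains, and runs them against a DNS query log so that the same indicators can be checked against resolver history for hosts that are not behind the IDS. The rule titles are copied from this digest; the DNS log format (timestamp, client, qname, qtype) and the log lines are constructed for the example, and the subdomain-aware matcher is an assumption about how you would want to match, not something the digest specifies. These domains are from May 2017 and Cerber rotated them quickly, so treat this as the workflow, not a current blocklist.

```python
import re
from typing import Dict, List, Optional, Tuple

# Rule titles copied from the digest above. ET defangs domains in titles as
# "label . tld" so the mail itself carries no live link.
DIGEST_RULE_TITLES = [
    "ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . net)",
    "ETPRO TROJAN DNS Query to Cerber Domain (1khwro . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (1pbfky . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (17gvad . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (19xvyd . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (15e8hv . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (1gvyo8 . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (1jzmjr . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (13bcem . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (1fzjn3 . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (12hxjv . top)",
    "ETPRO TROJAN DNS Query to Cerber Domain (1wmvk2 . top)",
]

# Matches the "DNS Query to <family> Domain (<defanged domain>)" title pattern.
TITLE_RE = re.compile(r"DNS Query to (?P<family>\w+) Domain \((?P<domain>[^)]+)\)")

# Constructed DNS log (assumed format: ts client qname qtype), not a real capture.
SAMPLE_DNS_LOG = """\
2017-05-05T14:02:11Z 10.1.2.30 www.example.com A
2017-05-05T14:02:12Z 10.1.2.30 1khwro.top A
2017-05-05T14:02:13Z 10.1.2.44 xcvkjet.net. A
2017-05-05T14:02:15Z 10.1.2.44 mail.17gvad.top MX
2017-05-05T14:02:16Z 10.1.2.51 notcerber.top A
2017-05-05T14:02:17Z 10.1.2.51 x1khwro.top A
"""


def refang(defanged: str) -> str:
    """Normalise a defanged domain ('1khwro . top', 'a[.]b', 'hxxp://x') to a bare lowercase name."""
    d = defanged.strip().lower()
    d = re.sub(r"^hxxps?://", "", d)
    d = re.sub(r"\s*(\[\.\]|\(\.\)|\.)\s*", ".", d)
    return d.rstrip(".")


def extract_indicators(titles: List[str]) -> Dict[str, str]:
    """Map each refanged domain in the rule titles to its malware family name."""
    indicators: Dict[str, str] = {}
    for title in titles:
        m = TITLE_RE.search(title)
        if m:
            indicators[refang(m.group("domain"))] = m.group("family")
    return indicators


def classify_qname(qname: str, indicators: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return (listed_domain, family) if qname equals or is a subdomain of a listed domain.

    Matching is label-based: 'mail.17gvad.top' hits '17gvad.top', but
    'x1khwro.top' does not hit '1khwro.top'. The bare TLD is never tested.
    """
    labels = qname.strip().lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate, indicators[candidate]
    return None


def scan_dns_log(log_text: str, indicators: Dict[str, str]) -> List[Tuple[str, str, str, str, str]]:
    """Return (ts, client, qname, listed_domain, family) for every log line that matches an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines rather than crash on them
        ts, client, qname, _qtype = parts[:4]
        hit = classify_qname(qname, indicators)
        if hit is not None:
            hits.append((ts, client, qname, hit[0], hit[1]))
    return hits


if __name__ == "__main__":
    inds = extract_indicators(DIGEST_RULE_TITLES)
    for ts, client, qname, listed, family in scan_dns_log(SAMPLE_DNS_LOG, inds):
        print(f"{ts} {client} queried {qname} -> {family} C2 domain {listed}")
```

The trailing-dot and subdomain handling is the part worth keeping: resolver logs often record FQDNs with the root dot, and hosts frequently look up a host under the C2 domain rather than the apex, so a naive exact-string compare misses both.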