[Emerging-updates] Daily Ruleset Update Summary 2017/05/08

Travis Green tgreen at emergingthreats.net
Mon May 8 17:26:17 EDT 2017


[***]            Summary:            [***]

3 new Open, 19 new Pro (3 + 16). NewHT Ransomware, IsmDoor, Intel AMT,
Various Mobile.
Thanks: @esentire

[+++]          Added rules:          [+++]

Open:

  2024280 - ET TROJAN MSIL/NewHT Ransomware CnC Checkin (trojan.rules)
  2024281 - ET TROJAN Known Hostile Domain ant.trenz .pl Lookup (trojan.rules)
  2024282 - ET EXPLOIT Intel AMT Login Attempt Detected (CVE 2017-5689) (exploit.rules)

Pro:

  2826282 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
  2826283 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
  2826284 - ETPRO TROJAN IsmDoor DNS C2 Initial Data Sent (trojan.rules)
  2826285 - ETPRO TROJAN IsmDoor DNS C2 Checkin Stage 3 (trojan.rules)
  2826286 - ETPRO TROJAN IsmDoor DNS C2 Checkin Stage 4 (trojan.rules)
  2826287 - ETPRO TROJAN IsmDoor DNS C2 Checkin Stage 5 (trojan.rules)
  2826288 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
  2826289 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
  2826290 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 4 (mobile_malware.rules)
  2826291 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 08 2017 (current_events.rules)
  2826292 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contact Exfil via SMTP 3 (mobile_malware.rules)
  2826293 - ETPRO TROJAN Win32/Bondnet Checkin (trojan.rules)
  2826294 - ETPRO MOBILE_MALWARE Android.Trojan.Lotus.A GPS Location Exfil via SMTP (mobile_malware.rules)
  2826295 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS/Contact Exfil via SMTP (mobile_malware.rules)
  2826296 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AP Checkin (trojan.rules)
  2826297 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AP Checkin (trojan.rules)


[///]     Modified active rules:     [///]

  2001622 - ET ACTIVEX winhlp32 ActiveX control attack - phase 1 (activex.rules)
  2001623 - ET ACTIVEX winhlp32 ActiveX control attack - phase 2 (activex.rules)
  2001624 - ET ACTIVEX winhlp32 ActiveX control attack - phase 3 (activex.rules)
  2012730 - ET TROJAN Known Hostile Domain ilo.brenz .pl Lookup (trojan.rules)
  2015559 - ET CURRENT_EVENTS Cridex Self Signed SSL Certificate (TR Some-State Internet Widgits) (current_events.rules)
  2826233 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 2 (mobile_malware.rules)
  2826281 - ETPRO TROJAN IsmDoor DNS C2 Initial Checkin (trojan.rules)


[---]         Disabled rules:        [---]

  2024277 - ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M1 (web_specific_apps.rules)


[---]         Removed rules:         [---]

  2826235 - ETPRO SCAN Possible Intel AMT Login Attempt Detected (scan.rules)
  2826250 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 2 (mobile_malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>