[Emerging-updates] Daily Ruleset Update Summary 2017/05/16

Travis Green tgreen at emergingthreats.net
Tue May 16 19:39:36 EDT 2017


[***]            Summary:            [***]

10 new Open, 20 new Pro (10 + 10). WannaCry, Various Mobile

Thanks: Kevin Ross, @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

 2024295 - ET TROJAN Possible WannaCry DNS Lookup (trojan.rules)
 2024296 - ET TROJAN Possible WannaCry DNS Lookup (trojan.rules)
 2024297 - ET CURRENT_EVENTS ETERNALBLUE Exploit M2 MS17-010 (current_events.rules)
 2024298 - ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1 (trojan.rules)
 2024299 - ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 2 (trojan.rules)
 2024300 - ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 3 (trojan.rules)
 2024301 - ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 4 (trojan.rules)
 2024302 - ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 5 (trojan.rules)
 2024303 - ET WEB_CLIENT Malicious SCF File Inbound (web_client.rules)
 2024304 - ET TROJAN MSIL/May Ransomware SSL Cert Observed (trojan.rules)

Pro:

 2826400 - ETPRO MOBILE_MALWARE Android/Fadeb.P Checkin (mobile_malware.rules)
 2826401 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 114 (mobile_malware.rules)
 2826402 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 115 (mobile_malware.rules)
 2826403 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 116 (mobile_malware.rules)
 2826404 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.jck Checkin (mobile_malware.rules)
 2826405 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.jck Response (mobile_malware.rules)
 2826406 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.jck Response 2 (mobile_malware.rules)
 2826407 - ETPRO TROJAN Hidden-Tear Ransomware Variant Malicious SSL Cert Observed (trojan.rules)
 2826408 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 3 (mobile_malware.rules)
 2826409 - ETPRO TROJAN Hidden-Tear Ransomware Variant CnC Beacon (trojan.rules)


[///]     Modified active rules:     [///]


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>