[Emerging-updates] Daily Ruleset Update Summary 2017/05/17

Travis Green tgreen at emergingthreats.net
Wed May 17 17:58:17 EDT 2017


[***]            Summary:            [***]

15 new Open, 36 new Pro (15 + 21). NetBackup RCE, MWI Maldoc, Loki Bot,
Adylkuzz CnC, Various Mobile.

Thanks: MS-iSAC (@CISecurity), @R3MRUM

[+++]          Added rules:          [+++]

Open:

 2024305 - ET CURRENT_EVENTS Multibrowser Resource Exhaustion observed in Tech Support Scam (current_events.rules)
 2024306 - ET TROJAN MWI Maldoc Load Payload (trojan.rules)
 2024307 - ET TROJAN MWI Maldoc Posting Host Data (trojan.rules)
 2024308 - ET EXPLOIT NB8-01 - Unauthed RCE via bprd (exploit.rules)
 2024309 - ET EXPLOIT NB8-02 - Possible Unauthed RCE via nbbsdtar (exploit.rules)
 2024310 - ET EXPLOIT NB8-04 - Possible Unauthed RCE via whitelist bypass (exploit.rules)
 2024311 - ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected (trojan.rules)
 2024312 - ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M1 (trojan.rules)
 2024313 - ET TROJAN Loki Bot Request for C2 Commands Detected M1 (trojan.rules)
 2024314 - ET TROJAN Loki Bot File Exfiltration Detected (trojan.rules)
 2024315 - ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M1 (trojan.rules)
 2024316 - ET TROJAN Loki Bot Screenshot Exfiltration Detected (trojan.rules)
 2024317 - ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M2 (trojan.rules)
 2024318 - ET TROJAN Loki Bot Request for C2 Commands Detected M2 (trojan.rules)
 2024319 - ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2 (trojan.rules)

Pro:

 2826410 - ETPRO TROJAN Maktub Ransomware XOR'd Binary Downloaded (trojan.rules)
 2826411 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-05-17 1) (trojan.rules)
 2826412 - ETPRO TROJAN DNS Query to Cerber Domain (15mwt4 . top) (trojan.rules)
 2826413 - ETPRO TROJAN DNS Query to Cerber Domain (1lqrja . top) (trojan.rules)
 2826414 - ETPRO TROJAN DNS Query to Cerber Domain (1kw51p . top) (trojan.rules)
 2826415 - ETPRO TROJAN MSIL/Unk.RAT CnC Checkin (l/i) (trojan.rules)
 2826416 - ETPRO TROJAN DNS Query to Cerber Domain (1eetmp . top) (trojan.rules)
 2826417 - ETPRO TROJAN DNS Query to Cerber Domain (13ydzv . top) (trojan.rules)
 2826418 - ETPRO TROJAN DNS Query to Cerber Domain (1mfakx . top) (trojan.rules)
 2826419 - ETPRO TROJAN DNS Query to Cerber Domain (17kc8y . top) (trojan.rules)
 2826420 - ETPRO TROJAN MSIL/Unk.RAT CnC Sending Screenshot (cp) (trojan.rules)
 2826421 - ETPRO TROJAN MSIL/Unk.RAT CnC Command (ac) (trojan.rules)
 2826422 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 117 (mobile_malware.rules)
 2826423 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 118 (mobile_malware.rules)
 2826424 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 119 (mobile_malware.rules)
 2826425 - ETPRO TROJAN Sinkhole.tech Sinkhole Reply (trojan.rules)
 2826426 - ETPRO TROJAN inThreat/Sekoia Sinkhole Reply (trojan.rules)
 2826427 - ETPRO TROJAN Adylkuzz CnC Beacon 1 (trojan.rules)
 2826428 - ETPRO TROJAN Adylkuzz CnC Beacon 2 (trojan.rules)
 2826429 - ETPRO TROJAN Adylkuzz CnC Beacon 3 (trojan.rules)
 2826430 - ETPRO TROJAN Adylkuzz CnC Beacon 4 (trojan.rules)


[///]     Modified active rules:     [///]

 2019891 - ET TROJAN W32/Dridex POST CnC Beacon (trojan.rules)
 2825280 - ETPRO TROJAN DNS Query to Sage Domain (k5hjej9 . com) (trojan.rules)
 2825281 - ETPRO TROJAN DNS Query to Sage Domain (io23zc . com) (trojan.rules)
 2825282 - ETPRO TROJAN DNS Query to Sage Domain (p0alj2 . com) (trojan.rules)
 2825283 - ETPRO TROJAN DNS Query to Sage Domain (2kzm0f . com) (trojan.rules)
 2825284 - ETPRO TROJAN DNS Query to Sage Domain (3io74zx . com) (trojan.rules)
 2825285 - ETPRO TROJAN DNS Query to Sage Domain (er29sl . in) (trojan.rules)
 2825287 - ETPRO TROJAN DNS Query to Sage Domain (rzunt3u2 . com) (trojan.rules)
 2825500 - ETPRO TROJAN DNS Query to Sage Domain (jktew0 . com) (trojan.rules)
 2825501 - ETPRO TROJAN DNS Query to Sage Domain (jpo2z1 . net) (trojan.rules)
 2825592 - ETPRO TROJAN DNS Query to Sage Domain (we0sgd . com) (trojan.rules)
 2825593 - ETPRO TROJAN DNS Query to Sage Domain (lfsjkad . net) (trojan.rules)
 2825594 - ETPRO TROJAN DNS Query to Sage Domain (yio3lvx . com) (trojan.rules)
 2825749 - ETPRO TROJAN DNS Query to Sage Domain (y8lkjg5 . net) (trojan.rules)
 2826120 - ETPRO TROJAN DNS Query to Sage Domain (qlkrwn . com) (trojan.rules)
 2826169 - ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . com) (trojan.rules)
 2826258 - ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . net) (trojan.rules)
 2826375 - ETPRO TROJAN DNS Query to Sage Domain (eho23d . net) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>
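A parser for this daily-summary format, added here as an example and not Emerging Threats' own tooling: it rejoins entries the mailer wrapped onto two lines, splits each into SID, ruleset (ET or ETPRO), category, rule msg and rules file, and checks the SIDs against a local sid-msg.map so a sensor owner can see which of the day's rules the deployment is missing or carries with an outdated msg. The summary fragment in the block is copied from the message above with its line wrapping kept; the sid-msg.map lines are a constructed sample in the standard "sid || msg || refs" layout, with one SID left out and one msg altered on purpose so the check has something to report.

```python
"""Parse an Emerging Threats daily update summary (the plain-text e-mail
format above) into per-SID records and check them against a sid-msg.map.
Added example, not Emerging Threats' tooling; samples below are constructed."""
import re
from dataclasses import dataclass

# Constructed sample: a fragment of the summary above with the e-mail
# line wrapping kept, so the parser has to rejoin continuation lines.
SAMPLE_SUMMARY = """\
[***]            Summary:            [***]

15 new Open, 36 new Pro (15 + 21). NetBackup RCE, MWI Maldoc, Loki Bot,
Adylkuzz CnC, Various Mobile.

[+++]          Added rules:          [+++]

Open:

 2024306 - ET TROJAN MWI Maldoc Load Payload (trojan.rules)
 2024309 - ET EXPLOIT NB8-02 - Possible Unauthed RCE via nbbsdtar
(exploit.rules)

Pro:

 2826411 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
 (2017-05-17 1) (trojan.rules)
 2826422 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
117 (mobile_malware.rules)

[///]     Modified active rules:     [///]

 2019891 - ET TROJAN W32/Dridex POST CnC Beacon (trojan.rules)
 2825280 - ETPRO TROJAN DNS Query to Sage Domain (k5hjej9 . com)
(trojan.rules)
"""

# Constructed sample of a local sid-msg.map ("sid || msg || refs" per line).
# 2024309 is absent and 2024306's msg is out of date on purpose.
SAMPLE_SID_MSG_MAP = """\
2019891 || ET TROJAN W32/Dridex POST CnC Beacon || url,doc.emergingthreats.net/2019891
2024306 || ET TROJAN MWI Maldoc Payload Download
2825280 || ETPRO TROJAN DNS Query to Sage Domain (k5hjej9 . com)
"""

SECTION_RE = re.compile(r"^\[[^\]]+\]\s+(.+?):?\s+\[[^\]]+\]\s*$")  # [+++] Added rules: [+++]
TIER_RE = re.compile(r"^(Open|Pro):\s*$")
ENTRY_RE = re.compile(r"^\s*(\d{5,})\s+-\s+(.*\S)\s*$")             # " 2024306 - ET ..."
MSG_RE = re.compile(r"^(ET|ETPRO)\s+([A-Z_]+)\s+(.*?)\s*\(([\w.-]+\.rules)\)$")


@dataclass
class RuleEntry:
    sid: int
    section: str     # "Added rules", "Modified active rules", ...
    ruleset: str     # "ET" (open) or "ETPRO" (pro)
    category: str    # "TROJAN", "EXPLOIT", "MOBILE_MALWARE", ...
    msg: str         # full rule msg, e.g. "ET TROJAN MWI Maldoc Load Payload"
    rules_file: str  # e.g. "trojan.rules"

    @property
    def tier(self):
        return "Pro" if self.ruleset == "ETPRO" else "Open"


def _build(sid, section, text):
    m = MSG_RE.match(text)
    if not m:
        raise ValueError(f"unparseable entry {sid}: {text!r}")
    ruleset, category, name, rules_file = m.groups()
    return RuleEntry(sid, section, ruleset, category, f"{ruleset} {category} {name}", rules_file)


def parse_summary(text):
    """Return a RuleEntry per SID line.  A line that is neither blank, a
    section header, a tier header nor a new entry continues the entry
    before it (the mailer wraps long entries onto a second line)."""
    entries, section, cur = [], "", None   # cur = (sid, [text parts])
    for line in text.splitlines():
        stripped = line.strip()
        sec = SECTION_RE.match(stripped)
        ent = ENTRY_RE.match(line)
        if not stripped or sec or TIER_RE.match(stripped) or ent:
            if cur:
                entries.append(_build(cur[0], section, " ".join(cur[1])))
                cur = None
            if sec:
                section = sec.group(1)
            if ent:
                cur = (int(ent.group(1)), [ent.group(2)])
        elif cur:
            cur[1].append(stripped)
    if cur:
        entries.append(_build(cur[0], section, " ".join(cur[1])))
    return entries


def parse_sid_msg_map(text):
    """Map sid -> msg from sid-msg.map lines ("sid || msg || ref || ...")."""
    out = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("||")]
        if len(parts) >= 2 and parts[0].isdigit():
            out[int(parts[0])] = parts[1]
    return out


def check_coverage(entries, sid_map, tiers=("Open", "Pro")):
    """Return (missing SIDs, SIDs whose local msg differs), restricted to the
    tiers the deployment subscribes to, so an ET Open sensor is not told it
    lacks every ETPRO SID."""
    missing, stale = [], []
    for e in entries:
        if e.tier not in tiers:
            continue
        if e.sid not in sid_map:
            missing.append(e.sid)
        elif sid_map[e.sid] != e.msg:
            stale.append(e.sid)
    return sorted(missing), sorted(stale)


if __name__ == "__main__":
    entries = parse_summary(SAMPLE_SUMMARY)
    for e in entries:
        print(f"{e.sid} {e.section:<22} {e.tier:<4} {e.category:<15} {e.rules_file}")
    sid_map = parse_sid_msg_map(SAMPLE_SID_MSG_MAP)
    print("Open missing/stale:", check_coverage(entries, sid_map, tiers=("Open",)))
```

Feed the full e-mail body to parse_summary and the sid-msg.map your rule manager writes to parse_sid_msg_map; pass tiers=("Open",) on sensors without an ETPRO subscription. A stale msg usually means the local rule file has not been updated since the rule was last modified.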