[Emerging-updates] Daily Ruleset Update Summary 2017/05/18

Travis Green tgreen at emergingthreats.net
Thu May 18 17:12:57 EDT 2017


[***]            Summary:            [***]

3 new Open, 16 new Pro (3 + 13). ASPC Bot, EasyLocker, Loki Bot, Adylkuzz
CnC, ASPC Bot, Various Mobile.
Thanks: Kevin Ross


[+++]          Added rules:          [+++]

Open:

  2024320 - ET TROJAN MSIL/EasyLocker Ransomware CnC Activity (trojan.rules)
  2024321 - ET TROJAN Win32/ASPC Bot CnC Checkin M2 (trojan.rules)
  2024322 - ET TROJAN Win32/ASPC Bot CnC Checkin M1 (trojan.rules)

Pro:

  2826431 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ay SMS Exfil 3 (mobile_malware.rules)
  2826432 - ETPRO TROJAN Unknown Backdoor Request May 17 2017 (trojan.rules)
  2826433 - ETPRO TROJAN GhostAdmin/KeyTrap/BlakStar Requesting Config M1 (trojan.rules)
  2826434 - ETPRO TROJAN GhostAdmin/KeyTrap/BlakStar Requesting Config M2 (trojan.rules)
  2826435 - ETPRO TROJAN APT.Enfal SSL Cert - Downloaded by Cmstar (trojan.rules)
  2826436 - ETPRO TROJAN Steam PWS CnC Checkin (trojan.rules)
  2826437 - ETPRO TROJAN Observed Malicious SSL Cert (Orcus RAT) (trojan.rules)
  2826438 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 120 (mobile_malware.rules)
  2826439 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
  2826440 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ar SMS Exfil via SMTP (mobile_malware.rules)
  2826441 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 4 (mobile_malware.rules)
  2826443 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 5 (mobile_malware.rules)
  2826444 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 6 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2022006 - ET TROJAN Agent Tesla Keylogger Report SMTP (trojan.rules)
  2024291 - ET TROJAN Possible WannaCry DNS Lookup 1 (trojan.rules)
  2024293 - ET TROJAN Possible WannaCry DNS Lookup 2 (trojan.rules)
  2024294 - ET TROJAN Possible WannaCry DNS Lookup 3 (trojan.rules)
  2024295 - ET TROJAN Possible WannaCry DNS Lookup (trojan.rules)
  2024296 - ET TROJAN Possible WannaCry DNS Lookup (trojan.rules)


 [---]         Removed rules:         [---]
-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>