[Emerging-updates] Daily Ruleset Update Summary 2017/05/25

Travis Green tgreen at emergingthreats.net
Thu May 25 18:43:13 EDT 2017


[***]            Summary:            [***]

9 new Open, 33 new Pro (9 + 24). APT32 Komprogo, APT32 Win32/Agent.YFL,
Mole Ransomware Payment Domain, Samba (CVE-2017-7494), Win32/Adonis,
Various Mobile, Various Phishing.
Thanks: Noah Dunker

[+++]          Added rules:          [+++]

Open:

 2024328 - ET CURRENT_EVENTS Successful Banco do Brasil Phish Mar 30 2017
(current_events.rules)
 2024329 - ET CURRENT_EVENTS Successful Banco do Brasil Phish May 25 2017
(current_events.rules)
 2024330 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
 2024331 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
 2024332 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
 2024333 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
 2024334 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
 2024335 - ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (.so
file write to share) (CVE-2017-7494) (exploit.rules)
 2024336 - ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (NT
Create AndX .so) (CVE-2017-7494) (exploit.rules)

Pro:

 2826510 - ETPRO TROJAN MSIL/Unk Reporting Infection via FTP (trojan.rules)
 2826511 - ETPRO MOBILE_MALWARE Unknown Android Loader Checkin
(mobile_malware.rules)
 2826512 - ETPRO TROJAN BigKlim CnC Beacon (trojan.rules)
 2826513 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
132 (mobile_malware.rules)
 2826514 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.ft CnC Beacon
(mobile_malware.rules)
 2826515 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.PP CnC Beacon
(mobile_malware.rules)
 2826517 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in
OneDrive Phishing May 25 2017 (current_events.rules)
 2826518 - ETPRO TROJAN Possible DNS Query matching Cerber Domain Format
(trojan.rules)
 2826519 - ETPRO TROJAN Win32/Adonis/Other Screenlocker CnC Checkin
(trojan.rules)
 2826520 - ETPRO CURRENT_EVENTS Successful Generic Phish - Common Multiple
JS Unescape May 25 2017 (current_events.rules)
 2826521 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish May 25 2017
(current_events.rules)
 2826522 - ETPRO CURRENT_EVENTS Successful Discover Phish M1 May 25 2017
(current_events.rules)
 2826523 - ETPRO CURRENT_EVENTS Successful Discover Phish M2 May 25 2017
(current_events.rules)
 2826524 - ETPRO TROJAN Observed DNS Request for Mole Ransomware Payment
Domain (trojan.rules)
 2826525 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May
25 2017 (current_events.rules)
 2826526 - ETPRO CURRENT_EVENTS Successful Paypal Phish May 25 2017
(current_events.rules)
 2826527 - ETPRO CURRENT_EVENTS Successful Bank of America Phish May 25
2017 (current_events.rules)
 2826528 - ETPRO MOBILE_MALWARE Android/Agent.LK CnC Beacon
(mobile_malware.rules)
 2826529 - ETPRO MOBILE_MALWARE Android/Agent.LK CnC Beacon 2
(mobile_malware.rules)
 2826530 - ETPRO TROJAN APT32 Win32/Agent.YFL Checkin (trojan.rules)
 2826531 - ETPRO TROJAN APT32 Win32/Agent.YFL Fake User-Agent (trojan.rules)
 2826532 - ETPRO TROJAN APT32 Win32/Agent.YFL CnC Beacon (trojan.rules)
 2826533 - ETPRO TROJAN APT32 Win32/Agent.YFL DNS TXT CnC Beacon
(trojan.rules)
 2826534 - ETPRO TROJAN Win32/Ibashade CnC Beacon (trojan.rules)


[///]     Modified active rules:     [///]

 2010595 - ET MALWARE User-Agent (???) (malware.rules)
 2019750 - ET WEB_CLIENT Samsung Galaxy Knox Android Browser RCE smdm
attempt (web_client.rules)
 2801787 - ETPRO SCADA IGSS SCADA System Directory Traversal and Download
(scada.rules)
 2801788 - ETPRO SCADA IGSS SCADA system Directory Traversal Upload and
Overwrite (scada.rules)
 2804426 - ETPRO WEB_CLIENT Microsoft Windows midiOutPlayNextPolyEvent Heap
Overflow 1 (web_client.rules)
 2804427 - ETPRO WEB_CLIENT Microsoft Windows midiOutPlayNextPolyEvent Heap
Overflow 2 (web_client.rules)
 2804428 - ETPRO WEB_CLIENT Microsoft Windows midiOutPlayNextPolyEvent Heap
Overflow 3 (web_client.rules)
 2804641 - ETPRO SCADA MOXA Device Manager Tool 2.1 Buffer Overflow
(scada.rules)
 2804645 - ETPRO SCADA ScadaTEC ScadaPhone <= v5.3.11.1230 Stack Buffer
Overflow (scada.rules)
 2804886 - ETPRO ACTIVEX VLC MMS Stream Handling access to vulnerable
function potential Buffer Overflow attempt (activex.rules)
 2807370 - ETPRO TROJAN Backdoor.Win32.Agent.dbtl (Likely APT32 WINDSHIELD)
Checkin (trojan.rules)
 2825296 - ETPRO TROJAN APT32 Win32/Denis CnC Initial Request DNS Beacon
(trojan.rules)


[---]         Disabled rules:        [---]

 2824431 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 13 2017
(current_events.rules)
 2826097 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Apr 24 2017
(current_events.rules)


[---]         Removed rules:         [---]

 2821335 - ETPRO CURRENT_EVENTS Windows Settings Phishing Landing Jul 22
(current_events.rules)
 2821995 - ETPRO CURRENT_EVENTS iCloud Phishing Landing Sept 2 2016
(current_events.rules)
 2825690 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish Mar 30
2017 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>