[Emerging-updates] Daily Ruleset Update Summary 2017/11/03

Travis Green tgreen at emergingthreats.net
Fri Nov 3 16:43:20 EDT 2017


[***]            Summary:            [***]

11 new Open, 36 new Pro (11 + 25). Android Marcher, Koadic Backdoor,
Win32/SniperTgr, Various Phishing, Various Mobile.


[+++]          Added rules:          [+++]

Open:

 2024943 - ET CURRENT_EVENTS Raiffeisen Phishing Domain Nov 03 2017 (current_events.rules)
 2024944 - ET CURRENT_EVENTS Sparkasse Phishing Domain Nov 03 2017 (current_events.rules)
 2024945 - ET CURRENT_EVENTS SOCENG Fake Update/Installer ForceDL Template Nov 03 2017 (current_events.rules)
 2024946 - ET CURRENT_EVENTS BankAustria Phishing Domain Nov 03 2017 (current_events.rules)
 2024947 - ET CURRENT_EVENTS Successful Raiffeisen Phish Nov 03 2017 (current_events.rules)
 2024948 - ET CURRENT_EVENTS Successful Sparkasse Phish Nov 03 2017 (current_events.rules)
 2024949 - ET CURRENT_EVENTS Successful BankAustria Phish Nov 03 2017 (current_events.rules)
 2024950 - ET MOBILE_MALWARE Android Marcher Trojan Download - Raiffeisen Bank Targeting (set) (mobile_malware.rules)
 2024951 - ET MOBILE_MALWARE Android Marcher Trojan Download - Sparkasse Bank Targeting (set) (mobile_malware.rules)
 2024952 - ET MOBILE_MALWARE Android Marcher Trojan Download - BankAustria Targeting (set) (mobile_malware.rules)
 2024953 - ET MOBILE_MALWARE Android Marcher Trojan Download - Austrian Bank Targeting (mobile_malware.rules)

Pro:

 2828508 - ETPRO TROJAN Observed Malicious SSL Cert (Keybase Keylogger CnC) (trojan.rules)
 2828509 - ETPRO TROJAN Koadic Backdoor CnC Beacon (trojan.rules)
 2828510 - ETPRO TROJAN Koadic Backdoor Receiving Payload (trojan.rules)
 2828511 - ETPRO TROJAN Win32/SniperTgr Requesting Payload (trojan.rules)
 2828512 - ETPRO TROJAN Reuqst.JS Sending System Information (trojan.rules)
 2828513 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI (mobile_malware.rules)
 2828514 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 2 (mobile_malware.rules)
 2828515 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 3 (mobile_malware.rules)
 2828516 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 4 (mobile_malware.rules)
 2828517 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 5 (mobile_malware.rules)
 2828518 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 6 (mobile_malware.rules)
 2828519 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 7 (mobile_malware.rules)
 2828520 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 8 (mobile_malware.rules)
 2828522 - ETPRO TROJAN Ovidiy/Reborn Stealer CnC Domain (rebornstealer .ru in DNS Query) (trojan.rules)
 2828523 - ETPRO TROJAN Ovidiy/Reborn Stealer CnC Domain (rebornstealer .info in DNS Query) (trojan.rules)
 2828524 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 1 (mobile_malware.rules)
 2828525 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 2 (mobile_malware.rules)
 2828526 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 3 (mobile_malware.rules)
 2828527 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 4 (mobile_malware.rules)
 2828528 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 5 (mobile_malware.rules)
 2828529 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 6 (mobile_malware.rules)
 2828530 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 7 (mobile_malware.rules)
 2828531 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 8 (mobile_malware.rules)
 2828532 - ETPRO TROJAN MSIL/VB-RAT CnC Checkin (trojan.rules)
 2828533 - ETPRO TROJAN W32.Gorno Stealer Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2010515 - ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source) (web_server.rules)
 2017925 - ET POLICY External IP Lookup / Tor Checker Domain (bridges.torproject .org in DNS lookup) (policy.rules)
 2017926 - ET POLICY External IP Lookup / Tor Checker Domain (check.torproject .org in DNS lookup) (policy.rules)
 2023472 - ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup) (policy.rules)
 2024527 - ET POLICY External IP Lookup Domain (ipapi .co in DNS lookup) (policy.rules)
 2825352 - ETPRO POLICY External IP Lookup Domain (freegeiop .net in DNS lookup) (policy.rules)
 2827133 - ETPRO POLICY External IP Lookup Domain (iplogger .com in DNS lookup) (policy.rules)
 2828090 - ETPRO POLICY External IP Lookup Domain (ip.anysrc .net in DNS lookup) (policy.rules)
 2828091 - ETPRO POLICY External IP Lookup Domain (whatsmyip .website in DNS lookup) (policy.rules)


[---]  Disabled and modified rules:  [---]

 2827962 - ETPRO TROJAN Malicious Domain in SNI (Backconnet RAT PWStealer Module DL) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>