[Emerging-updates] Daily Ruleset Update Summary 2017/11/06

Travis Green tgreen at emergingthreats.net
Mon Nov 6 17:44:34 EST 2017


[***]            Summary:            [***]

16 new Open, 34 new Pro (16 + 18). SAD Ransomware, OceanLotus JavaScript,
Win32/Randrew!rfn, Lena/BKDR_ANEL, Various Mobile, Various Phishing.

Thanks: @Volexity, @AttackDetection

[+++]          Added rules:          [+++]

Open:

 2024779 - ET POLICY DNS Query For Browser Cryptocurrency Mining Domain (policy.rules)
 2024954 - ET TROJAN SAD Ransomware CnC Activity (trojan.rules)
 2024955 - ET TROJAN [PTsecurity] Win32/Randrew!rfn CnC Activity (trojan.rules)
 2024956 - ET TROJAN RouteX CnC Domain (cba4a6e5d3c956548a337c52388473f1 .com in DNS Lookup) (trojan.rules)
 2024957 - ET TROJAN RouteX CnC Domain (0a0074066c49886a39b5a3072582f5d6 .net in DNS Lookup) (trojan.rules)
 2024958 - ET TROJAN RouteX CnC Domain (73780fbd309561e201a4aee9914d882d .org in DNS Lookup) (trojan.rules)
 2024959 - ET TROJAN RouteX CnC Domain (dcb5684707f6c66492aaa9f7d9bfb5a6 .biz in DNS Lookup) (trojan.rules)
 2024960 - ET TROJAN RouteX CnC Domain (322ffbbc7c1b312c2f9d942f20422f8d .com in DNS Lookup) (trojan.rules)
 2024961 - ET TROJAN RouteX CnC Domain (18bca7c5fd709ac468ba148c590ef6bf .net in DNS Lookup) (trojan.rules)
 2024962 - ET TROJAN RouteX CnC Domain (aaafc94b3a37b75ae9cb60afc42e86fe .org in DNS Lookup) (trojan.rules)
 2024963 - ET TROJAN RouteX CnC Domain (c13a856f4a879a89e9a638207efd6c94 .biz in DNS Lookup) (trojan.rules)
 2024964 - ET TROJAN RouteX CnC Domain (2fa3c2fa16c47d9b9bff8986a42b048f .com in DNS Lookup) (trojan.rules)
 2024965 - ET TROJAN RouteX CnC Domain (3ec9b600789b3bacf2c72ebae142a9c3 .net in DNS Lookup) (trojan.rules)
 2024966 - ET TROJAN Volex – OceanLotus JavaScript Load (connect.js) (trojan.rules)
 2024967 - ET TROJAN Volex – OceanLotus JavaScript Fake Page URL Builder Response (trojan.rules)
 2024968 - ET TROJAN Volex – OceanLotus System Profiling JavaScript (linkStorage.x00SOCKET) (trojan.rules)

Pro:

 2814040 - ETPRO CURRENT_EVENTS Successful Wire Transfer Phish Sept 22 2015 (current_events.rules)
 2828534 - ETPRO TROJAN Win32/Remcos RAT Checkin 7 (trojan.rules)
 2828535 - ETPRO TROJAN MSIL/Hidden-Tear Variant Ransomware CnC Checkin (trojan.rules)
 2828536 - ETPRO TROJAN Lena/BKDR_ANEL HTTP GET CnC Beacon 1 (trojan.rules)
 2828537 - ETPRO TROJAN Lena/BKDR_ANEL HTTP GET CnC Beacon 2 (trojan.rules)
 2828538 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.dot Checkin (mobile_malware.rules)
 2828539 - ETPRO CURRENT_EVENTS Evil Redirector Leading to MalDoc Keitaro TDS Nov 6 2017 (current_events.rules)
 2828540 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Nov 6 2017 (current_events.rules)
 2828541 - ETPRO TROJAN Win32/Leviwa CnC Checkin (trojan.rules)
 2828542 - ETPRO CURRENT_EVENTS Successful Apple Phish Nov 06 2017 (current_events.rules)
 2828543 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
 2828544 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
 2828545 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 06 2017 (current_events.rules)
 2828546 - ETPRO TROJAN Observed Malicious Coinminer Downloader Domain in SNI (trojan.rules)
 2828547 - ETPRO CURRENT_EVENTS Successful Blockchain Phish Nov 06 2017 (current_events.rules)
 2828548 - ETPRO CURRENT_EVENTS Successful Generic Phish to HTTrack Mirrored Website (current_events.rules)
 2828549 - ETPRO CURRENT_EVENTS Successful Generic Chalbhai Phish M1 Nov 06 2017 (current_events.rules)
 2828550 - ETPRO CURRENT_EVENTS Successful Generic Chalbhai Phish M2 Nov 06 2017 (current_events.rules)


[///]     Modified active rules:     [///]

 2015478 - ET CURRENT_EVENTS Possible Unknown TDS /top2.html (current_events.rules)
 2021645 - ET TROJAN APT Cheshire Cat DNS Lookup (holidayapartments4you.com) (trojan.rules)
 2023249 - ET CURRENT_EVENTS Possible EITest Flash Redirect Sep 19 2016 (current_events.rules)
 2024933 - ET TROJAN IoT_reaper DNS Lookup M4 (trojan.rules)
 2024934 - ET TROJAN IoT_reaper DNS Lookup M5 (trojan.rules)
 2024935 - ET TROJAN IoT_reaper DNS Lookup M6 (trojan.rules)
 2024936 - ET TROJAN IoT_reaper DNS Lookup M7 (trojan.rules)
 2827414 - ETPRO MALWARE MSIL/AdWare.Dotdo PUA CnC Checkin 1 (malware.rules)


[---]  Disabled and modified rules:  [---]

 2821954 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M1 Sept 1 2016 (current_events.rules)
 2821978 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept M2 1 2016 (current_events.rules)
 2825136 - ETPRO CURRENT_EVENTS Successful Generic Phish Feb 24 2017 (current_events.rules)
 2826179 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Apr 28 2017 (current_events.rules)
 2826476 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 22 2017 (current_events.rules)
 2826477 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 23 2017 (current_events.rules)
 2827889 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sep 11 2017 (current_events.rules)


[---]         Removed rules:         [---]

 2024779 - ET CURRENT_EVENTS DNS Query For Browser Cryptocurrency Mining Domain (current_events.rules)



-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>