[Emerging-updates] Daily Ruleset Update Summary 2017/11/07

Travis Green tgreen at emergingthreats.net
Tue Nov 7 17:28:40 EST 2017


[***]            Summary:            [***]

2 new Open, 13 new Pro (11 + 2). OceanLotus JavaScript,
Win32.DiscordiaMiner, Various Mobile, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2024969 - ET TROJAN OceanLotus System Profiling JavaScript HTTP Request (trojan.rules)
 2024970 - ET CURRENT_EVENTS Possible Paypal Phishing Landing - Title over non SSL (current_events.rules)

Pro:

 2828551 - ETPRO TROJAN Observed Malicious SSL Cert (Spymaster Keylogger Domain) (trojan.rules)
 2828552 - ETPRO TROJAN AlphaIRCbot JOIN Command (trojan.rules)
 2828553 - ETPRO TROJAN Trojan.Win32.DiscordiaMiner Checkin (trojan.rules)
 2828554 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 242 (mobile_malware.rules)
 2828555 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 07 2017 (current_events.rules)
 2828556 - ETPRO TROJAN Win32/Scar CnC Checkin (trojan.rules)
 2828557 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenAds.gDHTA Checkin (mobile_malware.rules)
 2828558 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 07 2017 (current_events.rules)
 2828559 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es SMS/Contact Exfil via SMTP 6 (mobile_malware.rules)
 2828560 - ETPRO CURRENT_EVENTS Successful Hello Bank (FR) Phish Nov 07 2017 (current_events.rules)
 2828561 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Nov 07 2017 (current_events.rules)


[///]     Modified active rules:     [///]

 2018101 - ET TROJAN W32/Dinwod.Dropper Win32/Xtrat.B CnC Beacon (trojan.rules)
 2023545 - ET TROJAN Win32/TrojanDownloader.Delf.BVP Win32/BioData CnC Beacon (trojan.rules)
 2024391 - ET CURRENT_EVENTS Possible Paypal Phishing Landing - Title over non SSL (current_events.rules)
 2024436 - ET TROJAN Formbook 0.3 Checkin (trojan.rules)
 2024966 - ET TROJAN Volex - OceanLotus JavaScript Load (connect.js) (trojan.rules)
 2024967 - ET TROJAN Volex - OceanLotus JavaScript Fake Page URL Builder Response (trojan.rules)
 2024968 - ET TROJAN Volex - OceanLotus System Profiling JavaScript (linkStorage.x00SOCKET) (trojan.rules)
 2814934 - ETPRO MALWARE Win32/Iminent.Adinstaller.E PUP Checkin (malware.rules)
 2815112 - ETPRO CURRENT_EVENTS Excel/Adobe Online Phishing Landing Nov 25 2015 (current_events.rules)
 2816172 - ETPRO CURRENT_EVENTS Possible Phishing Redirect Feb 09 2016 (current_events.rules)
 2824864 - ETPRO TROJAN Recon Backdoor/Module CnC Beacon 1 (trojan.rules)
 2826930 - ETPRO POLICY XMR CoinMiner Usage (policy.rules)
 2827594 - ETPRO TROJAN Formbook Stealer Checkin (trojan.rules)
 2828058 - ETPRO TROJAN Win32/Delf.BVP Win32/BioData CnC Keep-Alive Beacon (trojan.rules)


[---]         Removed rules:         [---]

 2827150 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 3) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>