[Emerging-updates] Daily Ruleset Update Summary 2017/11/08

Travis Green tgreen at emergingthreats.net
Wed Nov 8 17:14:55 EST 2017


[***]            Summary:            [***]

6 new Open, 27 new Pro (6 + 21). ProjectHook POS CnC, Win32.MY24, Various
Phishing, Various Mobile.


[+++]          Added rules:          [+++]

Open:

 2024971 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 1 (web_client.rules)
 2024972 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 2 (web_client.rules)
 2024973 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 3 (web_client.rules)
 2024974 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 4 (web_client.rules)
 2024975 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 5 (web_client.rules)
 2024976 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 6 (web_client.rules)

Pro:

 2024978 - ET INFO Browser Plugin Detect - Observed in Apple Phishing (info.rules)
 2828562 - ETPRO TROJAN Trojan.Win32.MY24 Checkin (trojan.rules)
 2828563 - ETPRO TROJAN MSIL/BoteVote Backdoor CnC Checkin (trojan.rules)
 2828564 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
 2828565 - ETPRO CURRENT_EVENTS Successful Generic AES Phish Nov 08 2016 (current_events.rules)
 2828566 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 243 (mobile_malware.rules)
 2828567 - ETPRO MOBILE_MALWARE Android/JiuXuJinBao CnC Beacon (mobile_malware.rules)
 2828568 - ETPRO TROJAN ZeusPanda CnC Domain (henfobuthis .com in DNS Lookup) (trojan.rules)
 2828569 - ETPRO TROJAN ZeusPanda CnC Domain (henfobuthis .com in TLS SNI) (trojan.rules)
 2828570 - ETPRO TROJAN ZeusPanda CnC Domain (rowrorofrat .com in DNS Lookup) (trojan.rules)
 2828571 - ETPRO TROJAN ZeusPanda CnC Domain (rowrorofrat .com in TLS SNI) (trojan.rules)
 2828572 - ETPRO TROJAN ZeusPanda CnC Domain (mysitothar .ru in DNS Lookup) (trojan.rules)
 2828573 - ETPRO TROJAN ZeusPanda CnC Domain (mysitothar .ru in TLS SNI) (trojan.rules)
 2828574 - ETPRO TROJAN ProjectHook POS CnC Checkin (trojan.rules)
 2828575 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BLR Checkin (mobile_malware.rules)
 2828576 - ETPRO TROJAN ZeusPanda CnC Domain (linghogolac .ru in DNS Lookup) (trojan.rules)
 2828577 - ETPRO TROJAN ZeusPanda CnC Domain (linghogolac .ru in TLS SNI) (trojan.rules)
 2828578 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.snt CnC Beacon (mobile_malware.rules)
 2828579 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M1 Nov 08 2017 (current_events.rules)
 2828580 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M2 Nov 08 2017 (current_events.rules)
 2828581 - ETPRO CURRENT_EVENTS Successful Santander Phish Nov 08 2017 (current_events.rules)


[///]     Modified active rules:     [///]

 2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
 2822136 - ETPRO TROJAN Win32/Philadelphia Ransomware CnC Checkin (trojan.rules)
 2822596 - ETPRO TROJAN Win32/Philadelphia Ransomware Encryption Activity (trojan.rules)
 2824150 - ETPRO CURRENT_EVENTS Successful Generic Hamza Banking Phish Dec 30 2016 (current_events.rules)
 2824864 - ETPRO TROJAN Ratankba Recon Backdoor/Module CnC Beacon 1 (trojan.rules)
 2824865 - ETPRO TROJAN Ratankba Recon Backdoor/Module CnC Beacon 2 (trojan.rules)
 2824976 - ETPRO TROJAN Lazarus Rifle/Agent.RTC Checkin (trojan.rules)
 2827049 - ETPRO CURRENT_EVENTS Successful Generic Hamza Banking Phish M2 Jul 07 2017 (current_events.rules)


[---]         Removed rules:         [---]

 2024931 - ET ATTACK_RESPONSE 401TRG Perl DDoS IRCBot File Download (attack_response.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>