[Emerging-updates] Daily Ruleset Update Summary 2017/11/09

Francis Trudeau ftrudeau at emergingthreats.net
Thu Nov 9 11:22:07 EST 2017


 [***] Summary: [***]

 19 new Pro signatures.  CoinMiners, Zeus Panda, VARIOUS PHISHING.

 [+++]          Added rules:          [+++]

  2828582 - ETPRO TROJAN Fake Ransomware CnC Checkin (trojan.rules)
  2828583 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 244 (mobile_malware.rules)
  2828584 - ETPRO TROJAN Observed Malicious Zeus Panda Domain in SNI (henfobuthis .com) (trojan.rules)
  2828585 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC) (trojan.rules)
  2828586 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Nov 09 2017 (set) (current_events.rules)
  2828587 - ETPRO TROJAN PowerShell Empire SSL Cert (trojan.rules)
  2828588 - ETPRO CURRENT_EVENTS Successful Rediff.com Phish Nov 09 2017 (current_events.rules)
  2828589 - ETPRO CURRENT_EVENTS Successful ABN-AMRO Bank Phish M1 Nov 09 2017 (current_events.rules)
  2828590 - ETPRO CURRENT_EVENTS Successful ABN-AMRO Bank Phish M2 Nov 09 2017 (current_events.rules)
  2828591 - ETPRO CURRENT_EVENTS Successful 163.com Phish Nov 09 2017 (current_events.rules)
  2828592 - ETPRO CURRENT_EVENTS Successful HM Revenue & Customs Phish Nov 09 2017 (current_events.rules)
  2828593 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-09 1) (trojan.rules)
  2828594 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-09 2) (trojan.rules)
  2828595 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-09 3) (trojan.rules)
  2828596 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-09 4) (trojan.rules)
  2828597 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-09 5) (trojan.rules)
  2828598 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-09 6) (trojan.rules)
  2828599 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-09 7) (trojan.rules)
  2828600 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-09 8) (trojan.rules)


 [///]     Modified active rules:     [///]

  2009897 - ET MALWARE Possible Windows executable sent when remote host claims to send html content (malware.rules)
  2021111 - ET TROJAN DDoS.Win32/Nitol.B Checkin (trojan.rules)
  2812100 - ETPRO TROJAN Win32/TrojanDownloader.Banload.TXV Receiving compressed PE set (ZIP) (trojan.rules)
  2822901 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in Apple/Bank of America/Amazon Oct 26 2016 (current_events.rules)
  2823672 - ETPRO TROJAN LatentBot HTTP POST CnC (trojan.rules)
  2828543 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)