[Emerging-updates] Daily Ruleset Update Summary 2017/11/14

Travis Green tgreen at emergingthreats.net
Tue Nov 14 12:40:43 EST 2017


[***]            Summary:            [***]

9 new Open, 19 new Pro (9 + 10). Win32/RCAP CnC, SocEng Fake Font Download,
Various Lazarus, Various Mobile, Various Phishing.

Thanks: @malware_traffic

November MAPP Coverage:
2828632    -> CVE-2017-16393
2828633    -> CVE-2017-16396

[+++]          Added rules:          [+++]

Open:

 2024981 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
 2024982 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
 2024983 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
 2024984 - ET TROJAN Win32/RCAP CnC Checkin (trojan.rules)
 2024985 - ET CURRENT_EVENTS SocEng Fake Font Download Template Nov 14 2017 (current_events.rules)
 2024986 - ET TROJAN SunOrcal Reaver Domain Observed (tashdqdxp .com in DNS Lookup) (trojan.rules)
 2024987 - ET TROJAN SunOrcal Reaver Domain Observed (weryhstui .com in DNS Lookup) (trojan.rules)
 2024988 - ET TROJAN SunOrcal Reaver Domain Observed (fyoutside .com in DNS Lookup) (trojan.rules)
 2024989 - ET TROJAN SunOrcal Reaver Domain Observed (olinaodi .com in DNS Lookup) (trojan.rules)

Pro:

 2828624 - ETPRO TROJAN Lazarus FakeSSL Variant Fake SNI in Client Hello 1 (trojan.rules)
 2828625 - ETPRO TROJAN Lazarus FakeSSL Variant Fake SNI in Client Hello 2 (trojan.rules)
 2828626 - ETPRO TROJAN Lazarus Destover Variant Checkin (trojan.rules)
 2828627 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 246 (mobile_malware.rules)
 2828628 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 247 (mobile_malware.rules)
 2828629 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff CnC Beacon (mobile_malware.rules)
 2828630 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS Exfil via SMTP 30 (mobile_malware.rules)
 2828631 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 31 (mobile_malware.rules)
 2828632 - ETPRO WEB_CLIENT Adobe Acrobat PDF Reader use after free JavaScript engine (CVE-2017-16393) (web_client.rules)
 2828633 - ETPRO WEB_CLIENT Adobe TIFF processing module Out of Bounds Access Violation (CVE-2017-16396) (web_client.rules)


[///]     Modified active rules:     [///]

 2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
 2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
 2024420 - ET TROJAN MalDoc Retrieving Malicious Payload (Possibly Ursnif) (trojan.rules)
 2826029 - ETPRO TROJAN Malicious SSL Certificate Observed (IcedID/BokBot CnC) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>