[Emerging-updates] Daily Ruleset Update Summary 2017/11/15

Travis Green tgreen at emergingthreats.net
Wed Nov 15 13:30:57 EST 2017


[***]            Summary:            [***]

7 new Open, 12 new Pro (7 + 5). Lazarus FALLCHILL Fake SSL, Win32/TinyNuke,
Various Mobile, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2024990 - ET TROJAN Lazarus FALLCHILL Fake SSL Checkin 1 (trojan.rules)
 2024991 - ET TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
 2024992 - ET TROJAN Lazarus FALLCHILL Fake SSL Checkin 2 (trojan.rules)
 2024993 - ET WEB_CLIENT Type Confusion Microsoft Edge (CVE-2017-11873) (web_client.rules)
 2024994 - ET WEB_CLIENT PWNJS JS Constructs (web_client.rules)
 2024995 - ET WEB_CLIENT Apple Safari UXSS (CVE-2017-7089) (web_client.rules)
 2024996 - ET WEB_CLIENT Google Chrome XSS (CVE-2017-5124) (web_client.rules)

Pro:

 2828634 - ETPRO MOBILE_MALWARE Android/SMSFlooder.Agent.BP CnC Beacon (mobile_malware.rules)
 2828635 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.HS SMS Exfil via SMTP (mobile_malware.rules)
 2828636 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es Contact Exfil via SMTP 7 (mobile_malware.rules)
 2828637 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP 5 (mobile_malware.rules)
 2828638 - ETPRO USER_AGENTS LokiBot Dropper UA (noobBoy) (user_agents.rules)


[///]     Modified active rules:     [///]

 2809267 - ETPRO TROJAN W32/TinyZBot Fake Resume Upload GET Request (Operation Cleaver) (trojan.rules)


[---]         Removed rules:         [---]

 2825132 - ETPRO TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
 2828626 - ETPRO TROJAN Lazarus Destover Variant Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>