[Emerging-updates] Daily Ruleset Update Summary 2017/11/16

Travis Green tgreen at emergingthreats.net
Thu Nov 16 11:54:59 EST 2017


[***]            Summary:            [***]

16 new Open, 23 new Pro (16 + 7). AeroAdmin, Zebrocy, Various Mobile,
Various Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

 2024997 - ET CURRENT_EVENTS Successful Generic AES Phish M1 Oct 24 2017 (current_events.rules)
 2024998 - ET CURRENT_EVENTS Successful Generic AES Phish M2 Oct 24 2017 (current_events.rules)
 2024999 - ET CURRENT_EVENTS Successful OWA Phish Apr 25 2017 (current_events.rules)
 2025000 - ET CURRENT_EVENTS Possible Successful Phish to Hostinger Domains Apr 4 M4 (current_events.rules)
 2025001 - ET CURRENT_EVENTS Possible Successful Websocket Credential Phish Sep 15 2017 (current_events.rules)
 2025002 - ET CURRENT_EVENTS Successful Personalized OWA Webmail Phish Oct 04 2016 (current_events.rules)
 2025003 - ET CURRENT_EVENTS Successful TeamIPwned Phish Aug 30 2016 (current_events.rules)
 2025004 - ET CURRENT_EVENTS Google Drive Phishing Landing Sept 3 (current_events.rules)
 2025005 - ET CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016 (current_events.rules)
 2025006 - ET CURRENT_EVENTS Possible Phishing Redirect Feb 09 2016 (current_events.rules)
 2025007 - ET TROJAN Powershell commands sent when remote host claims to send an image (trojan.rules)
 2025008 - ET POLICY PTsecurity Remote Desktop AeroAdmin Server Hello (policy.rules)
 2025009 - ET POLICY PTsecurity Remote Desktop AeroAdmin handshake (policy.rules)
 2025010 - ET TROJAN Powershell commands sent B64 1 (trojan.rules)
 2025011 - ET TROJAN Powershell commands sent B64 2 (trojan.rules)
 2025012 - ET TROJAN Powershell commands sent B64 3 (trojan.rules)

Pro:

 2828639 - ETPRO INFO TCP DNS Query Domain .bit M2 (Namecoin) (info.rules)
 2828640 - ETPRO TROJAN Observed Malicious Reypston Ransomware Onion Domain in SNI (7wqzov2j5hkklbw6) (trojan.rules)
 2828641 - ETPRO TROJAN Observed Malicious Reypston Ransomware Onion Domain in SNI (dphux5xrwuaf4yey) (trojan.rules)
 2828642 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsSpy.bah Reporting Infection via SMTP (mobile_malware.rules)
 2828643 - ETPRO POLICY PhantomX CoinMiner Checkin (policy.rules)
 2828644 - ETPRO TROJAN Zebrocy Requesting Stage 2 Payload (trojan.rules)
 2828645 - ETPRO TROJAN Zebrocy CnC Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2022842 - ET TROJAN HTTPBrowser/Pisloader Covert DNS CnC Channel TXT Lookup (trojan.rules)
 2023941 - ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M1 (trojan.rules)
 2023942 - ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M2 (trojan.rules)
 2023943 - ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M3 (trojan.rules)
 2023944 - ET TROJAN Possibly Malicious Double Base64 Unicode Net.ServicePointManager M1 (trojan.rules)
 2023945 - ET TROJAN Possibly Malicious Double Base64 Unicode Net.ServicePointManager M2 (trojan.rules)
 2023946 - ET TROJAN Possibly Malicious Double Base64 Unicode Net.ServicePointManager M3 (trojan.rules)


[---]         Removed rules:         [---]

 2812929 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Sept 3 (current_events.rules)
 2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016 (current_events.rules)
 2816172 - ETPRO CURRENT_EVENTS Possible Phishing Redirect Feb 09 2016 (current_events.rules)
 2816886 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger Domains Apr 4 M4 (current_events.rules)
 2821913 - ETPRO CURRENT_EVENTS Successful TeamIPwned Phish Aug 30 2016 (current_events.rules)
 2822371 - ETPRO CURRENT_EVENTS Successful Personalized OWA Webmail Phish Oct 04 2016 (current_events.rules)
 2826109 - ETPRO CURRENT_EVENTS Successful OWA Phish Apr 25 2017 (current_events.rules)
 2826593 - ETPRO TROJAN TCP DNS Query Domain .bit (Namecoin) (trojan.rules)
 2827959 - ETPRO CURRENT_EVENTS Possible Successful Websocket Credential Phish Sep 15 2017 (current_events.rules)
 2828396 - ETPRO CURRENT_EVENTS Successful Generic AES Phish M1 Oct 24 2017 (current_events.rules)
 2828397 - ETPRO CURRENT_EVENTS Successful Generic AES Phish M2 Oct 24 2017 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>