[Emerging-updates] Daily Ruleset Update Summary 2017/11/30

Travis Green tgreen at emergingthreats.net
Thu Nov 30 11:41:04 EST 2017


[***]            Summary:            [***]

6 new Pro. Java/TNJ, Coinminers.


[+++]          Added rules:          [+++]

Pro:

 2828728 - ETPRO TROJAN Java/TNJ RAT Checkin (trojan.rules)
 2828729 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 1) (trojan.rules)
 2828730 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 2) (trojan.rules)
 2828731 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 3) (trojan.rules)
 2828732 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 4) (trojan.rules)
 2828733 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-30 5) (trojan.rules)


[///]     Modified active rules:     [///]

 2008020 - ET WORM Win32.Socks.s HTTP Post Checkin (worm.rules)
 2008603 - ET USER_AGENTS Suspicious User-Agent Detected (RLMultySocket) (user_agents.rules)
 2009714 - ET WEB_SERVER Script tag in URI Possible Cross Site Scripting Attempt (web_server.rules)
 2010963 - ET WEB_SERVER SELECT USER SQL Injection Attempt in URI (web_server.rules)
 2012619 - ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 (user_agents.rules)
 2012956 - ET DNS DNS Query for a Suspicious *.co.tv domain (dns.rules)
 2013030 - ET POLICY libwww-perl User-Agent (policy.rules)
 2013031 - ET POLICY Python-urllib/ Suspicious User Agent (policy.rules)
 2013213 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.org (info.rules)
 2014484 - ET INFO DYNAMIC_DNS Query to a *.bbsindex.com Domain (info.rules)
 2015633 - ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com (info.rules)
 2015976 - ET TROJAN WORM_VOBFUS Checkin Generic (trojan.rules)
 2016748 - ET TROJAN RansomCrypt Intial Check-in (trojan.rules)
 2016810 - ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert (2) (current_events.rules)
 2016967 - ET TROJAN W32/Symmi Remote File Injector Initial CnC Beacon (trojan.rules)
 2017136 - ET MALWARE Adware.Gamevance.AV Checkin (malware.rules)
 2017639 - ET INFO JAR Size Under 30K Size - Potentially Hostile (info.rules)
 2018219 - ET INFO DYNAMIC_DNS HTTP Request to a *.sytes.net Domain (info.rules)
 2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)
 2018918 - ET POLICY possible Xiaomi phone data leakage DNS (policy.rules)
 2018919 - ET POLICY possible Xiaomi phone data leakage HTTP (policy.rules)
 2019512 - ET POLICY Possible IP Check api.ipify.org (policy.rules)
 2019891 - ET TROJAN W32/Dridex POST CnC Beacon (trojan.rules)
 2020083 - ET TROJAN Win64/Havex Checkin (trojan.rules)
 2020116 - ET POLICY DNS Query to .onion proxy Domain (onion.to) (policy.rules)
 2020565 - ET POLICY Dropbox DNS Lookup - Possible Offsite File Backup in Use (policy.rules)
 2020628 - ET MALWARE MALWARE W32/WinWrapper.Adware POST CnC Beacon (malware.rules)
 2020705 - ET TROJAN Generic - Mozilla 4.0 EXE Request (trojan.rules)
 2022045 - ET POLICY DNS Query to .onion proxy Domain (forkinvestpay.com) (policy.rules)
 2022280 - ET TROJAN Win32/Nivdort Posting Data 1 (trojan.rules)
 2022482 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01 (trojan.rules)
 2022502 - ET TROJAN Suspicious Accept in HTTP POST - Possible Alphacrypt/TeslaCrypt (trojan.rules)
 2022538 - ET TROJAN Ransomware Locky CnC Beacon (trojan.rules)
 2022548 - ET TROJAN Ransomware Locky .onion Payment Domain (trojan.rules)
 2022551 - ET POLICY Logmein.com/Join.me SSL Remote Control Access (policy.rules)
 2022842 - ET TROJAN HTTPBrowser/Pisloader Covert DNS CnC Channel TXT Lookup (trojan.rules)
 2023518 - ET POLICY Android Adups Firmware DNS Query 4 (policy.rules)
 2023882 - ET INFO HTTP Request to a *.top domain (info.rules)
 2024199 - ET CURRENT_EVENTS EITest SocENG Inject M2 (current_events.rules)
 2024227 - ET INFO Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing (info.rules)
 2024786 - ET POLICY Request for Coinhive Browser Monero Miner M2 (policy.rules)
 2024808 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
 2024809 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
 2024810 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
 2024811 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
 2024812 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
 2024813 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
 2024828 - ET CURRENT_EVENTS Observed DNS Query to Browser Coinminer (crypto-loot[.]com) (current_events.rules)
 2801321 - ETPRO WEB_CLIENT MHTML Attempted Script Execution (web_client.rules)
 2802103 - ETPRO POLICY MOBILE iPhone locationd User-Agent Detected (policy.rules)
 2805138 - ETPRO TROJAN Win32/SpyVoltar.A Checkin (trojan.rules)
 2805776 - ETPRO POLICY PowerPack software bundle Downloader.Win32.SwiftCleaner.bd (policy.rules)
 2805802 - ETPRO POLICY GEOIP info online service (freegeoip.net) (policy.rules)
 2805985 - ETPRO TROJAN Fareit/Pony Downloader .exe file download (trojan.rules)
 2806659 - ETPRO TROJAN Worm.Win32/Esfury.X Checkin (trojan.rules)
 2806777 - ETPRO TROJAN Win32/Ghodow.NAS Checkin (trojan.rules)
 2807393 - ETPRO TROJAN W32/Redyms.AF Checkin (trojan.rules)
 2807793 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin (trojan.rules)
 2808030 - ETPRO TROJAN Win32.IRCBot Checkin (trojan.rules)
 2808050 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.jgb Checkin (trojan.rules)
 2808390 - ETPRO MALWARE PUP AdWare.OxyPumper Download (malware.rules)
 2808715 - ETPRO TROJAN Win32/Sality.AM GET Request (trojan.rules)
 2809531 - ETPRO TROJAN Likely Win32/Agobot Large POST to Legit Website (trojan.rules)
 2809547 - ETPRO TROJAN Symmi payload download (trojan.rules)
 2809683 - ETPRO POLICY IP Check freegeoip.net (policy.rules)
 2810756 - ETPRO TROJAN Win32/Rovnix.P Retrieving .dat (trojan.rules)
 2810959 - ETPRO MOBILE_MALWARE Riskware Android/SMSreg.OC Checkin (mobile_malware.rules)
 2811535 - ETPRO MALWARE Win32/bmMedia.D PUP Downloader (malware.rules)
 2812234 - ETPRO POLICY IP lookup pv.sohu.com (policy.rules)
 2812378 - ETPRO MALWARE Downloader.Win32.Agent.diyn PUA (malware.rules)
 2812465 - ETPRO USER_AGENTS Suspicious User-Agent (User-Agent) (user_agents.rules)
 2812498 - ETPRO TROJAN Win32/Haperlock.A Connectivity Check (trojan.rules)
 2812739 - ETPRO POLICY NetSupport Remote Admin Checkin (policy.rules)
 2812834 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 1 M2 (current_events.rules)
 2814318 - ETPRO CURRENT_EVENTS Angler EK Landing URI Struct Oct 12 (current_events.rules)
 2814736 - ETPRO TROJAN Pirpi CnC Beacon (trojan.rules)
 2815325 - ETPRO TROJAN Andromeda CnC Beacon Fake UA 2 (trojan.rules)
 2816095 - ETPRO CURRENT_EVENTS Angler EK Payload Feb 05 2015 M1 T1 (current_events.rules)
 2816234 - ETPRO CURRENT_EVENTS Angler EK Feb 15 2015 M1 T2 (current_events.rules)
 2816484 - ETPRO CURRENT_EVENTS Angler EK Landing Mar 02 2016 M1 T1 (current_events.rules)
 2816511 - ETPRO CURRENT_EVENTS Angler EK Landing Mar 02 2016 M1 T1 (current_events.rules)
 2821022 - ETPRO CURRENT_EVENTS Neutrino EK Payload July 08 2016 M1 (current_events.rules)
 2821356 - ETPRO MALWARE Qiyi PUP Installer SSL Cert (malware.rules)
 2821569 - ETPRO TROJAN Locky CnC checkin Aug 03 2016 M2 (trojan.rules)
 2822860 - ETPRO MALWARE MSIL/Kryptik.EAN Variant Downloader Activity (malware.rules)
 2825353 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
 2826889 - ETPRO TROJAN Win32.Cybergate RAT SQLite DL (trojan.rules)
 2826896 - ETPRO TROJAN Win32/InstallCore CnC Activity (trojan.rules)
 2827690 - ETPRO MOBILE_MALWARE PUP Android/Igexin.B Checkin 2 (mobile_malware.rules)
 2827774 - ETPRO TROJAN Backdoor.Ratenjay POST with System Information (trojan.rules)
 2828722 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin M2 (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>