[Emerging-updates] Daily Ruleset Update Summary 2018/01/02

Travis Green tgreen at emergingthreats.net
Tue Jan 2 12:13:51 HST 2018


[***]            Summary:            [***]

3 new Open, 25 new Pro (3 + 22). Win32/CoinMining Loader, Xtrat/XtremeRAT,
Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025178 - ET TROJAN Sharik/Smoke CnC Beacon 9 (trojan.rules)
 2025179 - ET TROJAN Qasar Variant Domain (datapeople-cn .com in DNS Lookup) (trojan.rules)
 2025180 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-01-02 (current_events.rules)

Pro:

 2829118 - ETPRO TROJAN Win32/CoinMining Loader CnC Checkin (trojan.rules)
 2829119 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2018-01-02 M1 (current_events.rules)
 2829120 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2018-01-02 M2 (current_events.rules)
 2829121 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2018-01-02 M3 (current_events.rules)
 2829122 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-01-02 (current_events.rules)
 2829123 - ETPRO CURRENT_EVENTS Successful Amazon Cancel Order Phish 2018-01-02 (current_events.rules)
 2829124 - ETPRO CURRENT_EVENTS Successful Orange.fr Phish 2018-01-02 (current_events.rules)
 2829125 - ETPRO CURRENT_EVENTS Suspicious AutoIt EXE Download (Observed in Maldoc Campaign Dropping Xtrat) (current_events.rules)
 2829126 - ETPRO CURRENT_EVENTS Successful Netflix (BR) Phish 2018-01-02 (current_events.rules)
 2829127 - ETPRO CURRENT_EVENTS Successful Dropbox (CN) Phish 2018-01-02 M1 (current_events.rules)
 2829128 - ETPRO CURRENT_EVENTS Successful Dropbox (CN) Phish 2018-01-02 M2 (current_events.rules)
 2829129 - ETPRO TROJAN Xtrat/XtremeRAT Google PING Connectivity Check (trojan.rules)
 2829130 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-01-02 (current_events.rules)
 2829131 - ETPRO CURRENT_EVENTS Successful SFR Account Phish 2018-01-02 (current_events.rules)
 2829132 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 1) (trojan.rules)
 2829133 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 2) (trojan.rules)
 2829134 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 3) (trojan.rules)
 2829135 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 4) (trojan.rules)
 2829136 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 5) (trojan.rules)
 2829137 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 6) (trojan.rules)
 2829138 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 8) (trojan.rules)
 2829139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 9) (trojan.rules)


[///]     Modified active rules:     [///]

 2018401 - ET TROJAN Win32.Kazy Checkin (trojan.rules)
 2022730 - ET INFO PhishMe.com Phishing Landing Exercise (info.rules)
 2023712 - ET CURRENT_EVENTS Paypal Phishing Landing Jan 09 2017 (current_events.rules)
 2024583 - ET CURRENT_EVENTS Possible YapiKredi Bank (TR) Phishing Landing - Title over non SSL (current_events.rules)
 2024705 - ET CURRENT_EVENTS Apple Phishing Landing M3 Sep 14 2017 (current_events.rules)
 2814624 - ETPRO TROJAN XtremeRAT CnC Beacon 1 (trojan.rules)
 2815129 - ETPRO CURRENT_EVENTS Possible Base64 Obfuscated Phishing Landing 2015-11-30 (current_events.rules)
 2816734 - ETPRO CURRENT_EVENTS Obfuscated Chase Phishing Landing 2016-03-23 (current_events.rules)
 2816790 - ETPRO CURRENT_EVENTS L33bo Phishing Landing 2016-03-29 (current_events.rules)
 2821737 - ETPRO TROJAN Babylon RAT C2 Client Request (trojan.rules)
 2822442 - ETPRO CURRENT_EVENTS Multibank Phishing Landing/Redirect (NL) M1 2016-10-06 (current_events.rules)
 2822443 - ETPRO CURRENT_EVENTS SNS Bank Phishing Landing/Redirect (NL) M1 2016-10-06 (current_events.rules)
 2822444 - ETPRO CURRENT_EVENTS SNS Bank Phishing Landing/Redirect/ (NL) M2 2016-10-06 (current_events.rules)
 2822445 - ETPRO CURRENT_EVENTS ASN/Regio Bank Phishing Landing/Redirect (NL) M1 2016-10-06 (current_events.rules)
 2822446 - ETPRO CURRENT_EVENTS ASN/Regio Bank Phishing Landing/Redirect (NL) M2 2016-10-06 (current_events.rules)
 2822447 - ETPRO CURRENT_EVENTS Multibank Phishing Landing/Redirect (NL) M2 2016-10-06 (current_events.rules)
 2823939 - ETPRO CURRENT_EVENTS Obfuscated Phishing Landing Dec 18 2016 (current_events.rules)
 2823940 - ETPRO TROJAN Google Docs Phishing Landing Dec 18 2016 (trojan.rules)
 2823945 - ETPRO CURRENT_EVENTS Microsoft Office Phishing Landing Dec 18 2016 (current_events.rules)
 2824565 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jan 20 2017 (current_events.rules)
 2824614 - ETPRO CURRENT_EVENTS Paypal Phishing Landing Jan 24 2017 (current_events.rules)
 2824792 - ETPRO CURRENT_EVENTS Banco Itau Phishing Landing Javascript Feb 06 2017 (current_events.rules)
 2825147 - ETPRO CURRENT_EVENTS Possible Sparkasse Bank Phishing Landing Feb 27 2017 (current_events.rules)
 2828073 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phishing Landing / Fake Android App Sep 27 2017 (current_events.rules)
 2829110 - ETPRO TROJAN Win32/Crimson Variant CnC Checkin (trojan.rules)


[---]         Removed rules:         [---]

 2014571 - ET TROJAN HTTP Request to a a known malware domain (sektori.org) (trojan.rules)
 2828164 - ETPRO MOBILE_MALWARE ANDROIDOS_HIDDENAPP.HRXZ Checkin (mobile_malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>