[Emerging-updates] Daily Ruleset Update Summary 2018/01/03

Travis Green tgreen at emergingthreats.net
Wed Jan 3 14:20:31 HST 2018


[***]            Summary:            [***]

1 new Open, 28 new Pro (1 + 27). MSIL/System Information Grabber,
MSIL/Bancos Variant, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025181 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-01-03 (current_events.rules)

Pro:

 2829140 - ETPRO TROJAN Win32/ChaseBrute CnC Checkin (trojan.rules)
 2829141 - ETPRO CURRENT_EVENTS Successful Orange.fr Phish 2018-01-03 (current_events.rules)
 2829142 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL) (trojan.rules)
 2829143 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2018-01-03 M1 (current_events.rules)
 2829144 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2018-01-03 M2 (current_events.rules)
 2829145 - ETPRO INFO MSIL/System Information Grabber Reporting Details (info.rules)
 2829146 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2018-01-03 (current_events.rules)
 2829147 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
 2829148 - ETPRO CURRENT_EVENTS Successful TMobile Phish 2018-01-03 (current_events.rules)
 2829149 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-01-03 (current_events.rules)
 2829150 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-03 (current_events.rules)
 2829151 - ETPRO TROJAN Cybergate/Rebhip/Spyrat/Win32.Poison Generic Checkin (trojan.rules)
 2829152 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 35 (mobile_malware.rules)
 2829153 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 10) (trojan.rules)
 2829154 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 11) (trojan.rules)
 2829155 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 24 (mobile_malware.rules)
 2829156 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 12) (trojan.rules)
 2829157 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 13) (trojan.rules)
 2829158 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 25 (mobile_malware.rules)
 2829159 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 14) (trojan.rules)
 2829160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 15) (trojan.rules)
 2829161 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 16) (trojan.rules)
 2829162 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 17) (trojan.rules)
 2829163 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 18) (trojan.rules)
 2829164 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 19) (trojan.rules)
 2829165 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 20) (trojan.rules)
 2829166 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (NDNRemFNVm5SS1lpc1E...) (trojan.rules)


[///]     Modified active rules:     [///]

 2021178 - ET ATTACK_RESPONSE Metasploit Meterpreter Reverse HTTPS certificate (attack_response.rules)
 2024708 - ET TROJAN CCleaner Backdoor DGA Feb 2017 (trojan.rules)
 2024709 - ET TROJAN CCleaner Backdoor DGA Mar 2017 (trojan.rules)
 2024710 - ET TROJAN CCleaner Backdoor DGA Apr 2017 (trojan.rules)
 2024711 - ET TROJAN CCleaner Backdoor DGA May 2017 (trojan.rules)
 2024712 - ET TROJAN CCleaner Backdoor DGA Jun 2017 (trojan.rules)
 2829118 - ETPRO TROJAN Win32/CoinMining Loader CnC Checkin (trojan.rules)
 2024708 - ET TROJAN CCleaner Backdoor DGA Feb 2017 (trojan.rules)
 2024709 - ET TROJAN CCleaner Backdoor DGA Mar 2017 (trojan.rules)
 2024710 - ET TROJAN CCleaner Backdoor DGA Apr 2017 (trojan.rules)
 2024711 - ET TROJAN CCleaner Backdoor DGA May 2017 (trojan.rules)
 2024712 - ET TROJAN CCleaner Backdoor DGA Jun 2017 (trojan.rules)
 2024713 - ET TROJAN CCleaner Backdoor DGA Jul 2017 (trojan.rules)
 2024714 - ET TROJAN CCleaner Backdoor DGA Aug 2017 (trojan.rules)
 2024715 - ET TROJAN CCleaner Backdoor DGA Sep 2017 (trojan.rules)
 2024716 - ET TROJAN CCleaner Backdoor DGA Oct 2017 (trojan.rules)
 2024717 - ET TROJAN CCleaner Backdoor DGA Nov 2017 (trojan.rules)
 2024718 - ET TROJAN CCleaner Backdoor DGA Dec 2017 (trojan.rules)
 2024816 - ET TROJAN CCleaner Backdoor DGA Jan 2018 (trojan.rules)
 2024817 - ET TROJAN CCleaner Backdoor DGA Feb 2018 (trojan.rules)
 2024818 - ET TROJAN CCleaner Backdoor DGA Mar 2018 (trojan.rules)
 2024819 - ET TROJAN CCleaner Backdoor DGA Apr 2018 (trojan.rules)
 2024820 - ET TROJAN CCleaner Backdoor DGA May 2018 (trojan.rules)
 2024821 - ET TROJAN CCleaner Backdoor DGA Jun 2018 (trojan.rules)
 2024822 - ET TROJAN CCleaner Backdoor DGA Jul 2018 (trojan.rules)
 2024823 - ET TROJAN CCleaner Backdoor DGA Aug 2018 (trojan.rules)
 2024824 - ET TROJAN CCleaner Backdoor DGA Sep 2018 (trojan.rules)
 2024825 - ET TROJAN CCleaner Backdoor DGA Oct 2018 (trojan.rules)
 2024826 - ET TROJAN CCleaner Backdoor DGA Nov 2018 (trojan.rules)
 2024827 - ET TROJAN CCleaner Backdoor DGA Dec 2018 (trojan.rules)
 2829129 - ETPRO TROJAN Xtrat/XtremeRAT Google PING Connectivity Check (trojan.rules)

[---]         Removed rules:         [---]

 2002405 - ET MALWARE Internet Optimizer User-Agent (ROGUE) (malware.rules)
 2816393 - ETPRO TROJAN Obfuscated Phishing Landing Feb 25 (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>