[Emerging-updates] Daily Ruleset Update Summary 2018/01/08

Travis Green tgreen at emergingthreats.net
Mon Jan 8 12:25:45 HST 2018


[***]            Summary:            [***]

21 new Pro. Win32/Agent.IKYV, Win32/FileTour Variant, CVE-2017-6736,
Various Phishing.


[+++]          Added rules:          [+++]

Pro:

 2829194 - ETPRO TROJAN Win32/Agent.IKYV CnC Checkin (trojan.rules)
 2829195 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-01-08 (current_events.rules)
 2829196 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-08 (current_events.rules)
 2829197 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-01-08 (current_events.rules)
 2829198 - ETPRO TROJAN MSIL/Zbrain PUP/Stealer Checkin (trojan.rules)
 2829199 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2018-01-08 (current_events.rules)
 2829200 - ETPRO CURRENT_EVENTS Possible Successful Cyberplus (FR) Phish M1 2018-01-08 (current_events.rules)
 2829201 - ETPRO CURRENT_EVENTS Successful Cyberplus (FR) Phish M2 2018-01-08 (current_events.rules)
 2829202 - ETPRO TROJAN MSIL/Zbrain PUP/Stealer Installer UA (trojan.rules)
 2829203 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 1) (trojan.rules)
 2829204 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 2) (trojan.rules)
 2829205 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 3) (trojan.rules)
 2829206 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 4) (trojan.rules)
 2829207 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 5) (trojan.rules)
 2829208 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 6) (trojan.rules)
 2829209 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 7) (trojan.rules)
 2829210 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 8) (trojan.rules)
 2829211 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 9) (trojan.rules)
 2829212 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-08 10) (trojan.rules)
 2829218 - ETPRO TROJAN Win32/FileTour Variant CnC Checkin (trojan.rules)
 2829219 - ETPRO EXPLOIT Possible CVE-2017-6736 Malformed Vulnerable OID Inbound (exploit.rules)


[///]     Modified active rules:     [///]

 2019313 - ET TROJAN Sourtoff Receiving Simda Payload (trojan.rules)
 2826391 - ETPRO TROJAN Zloader HTTP Checkin (trojan.rules)


[---]         Removed rules:         [---]

 2015905 - ET CURRENT_EVENTS WSO - WebShell Activity - WSO Title (current_events.rules)
 2015906 - ET CURRENT_EVENTS WSO - WebShell Activity - POST structure (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>