[Emerging-updates] Daily Ruleset Update Summary 2018/01/16

Travis Green tgreen at emergingthreats.net
Tue Jan 16 13:06:15 HST 2018


[***]            Summary:            [***]

5 new Open, 55 new Pro (5 + 50). Possible APT28 DNS, OSX/Mami, Colony Rootkit, Various Phishing.

Thanks: @MalwrHunterTeam


[+++]          Added rules:          [+++]

Open:

 2025199 - ET TROJAN OSX/Mami CnC Checkin (trojan.rules)
 2025200 - ET TROJAN OSX/Mami Possible DNS Query to Evil DNS Server (trojan.rules)
 2025201 - ET TROJAN Observed Evrial Domain (cryptoclipper .ru in TLS SNI) (trojan.rules)
 2025202 - ET TROJAN [PTsecurity] Trojan.Downloader VBA Script obfuscation (binary_getter) (trojan.rules)
 2025203 - ET USER_AGENTS [PTsecurity] Possible Trojan.Downloader UserAgent (binary_getter) (user_agents.rules)

Pro:

 2828743 - ETPRO CURRENT_EVENTS Malicious VBScript Inbound (current_events.rules)
 2829272 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
 2829273 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
 2829274 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
 2829275 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
 2829276 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
 2829277 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829278 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829279 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829280 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829281 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829282 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829283 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829284 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829285 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829286 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829287 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
 2829288 - ETPRO TROJAN Colony Rootkit Downloader CnC Checkin (trojan.rules)
 2829289 - ETPRO TROJAN Colony Rootkit Downloader Requesting Payload (trojan.rules)
 2829290 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL) (trojan.rules)
 2829291 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-01-16 (current_events.rules)
 2829292 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2018-01-16 (current_events.rules)
 2829293 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing 2018-01-16 (current_events.rules)
 2829294 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-01-16 (current_events.rules)
 2829295 - ETPRO CURRENT_EVENTS Successful Facebook Help Center Phish 2018-01-16 (current_events.rules)
 2829296 - ETPRO TROJAN MSIL/Backdoor.Magoo Retrieving Server Info (trojan.rules)
 2829297 - ETPRO MALWARE MSIL/AdFraudClicker Activity M2 (malware.rules)
 2829298 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-01-16 (current_events.rules)
 2829299 - ETPRO CURRENT_EVENTS Successful BNZ Internet Banking Phish 2018-01-16 (current_events.rules)
 2829300 - ETPRO CURRENT_EVENTS Successful Oney (FR) Phish 2018-01-16 M1 (current_events.rules)
 2829301 - ETPRO CURRENT_EVENTS Successful Oney (FR) Phish 2018-01-16 M2 (current_events.rules)
 2829302 - ETPRO CURRENT_EVENTS Successful Optus Webmail Phish 2018-01-16 (current_events.rules)
 2829303 - ETPRO CURRENT_EVENTS Successful Smartsheet Phish 2018-01-16 (current_events.rules)
 2829304 - ETPRO TROJAN Compromised Legitimate Website Lazarus Group Downloader SSL Cert (trojan.rules)
 2829305 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Upgrade Phish 2018-01-16 (current_events.rules)
 2829306 - ETPRO CURRENT_EVENTS Successful Microsoft/Hotmail Account Phish 2018-01-16 (current_events.rules)
 2829307 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 1) (trojan.rules)
 2829308 - ETPRO TROJAN MSIL/Remcos Variant CnC Checkin (trojan.rules)
 2829309 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 2) (trojan.rules)
 2829310 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 3) (trojan.rules)
 2829311 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 4) (trojan.rules)
 2829312 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 5) (trojan.rules)
 2829313 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 7) (trojan.rules)
 2829314 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 8) (trojan.rules)
 2829315 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 10) (trojan.rules)
 2829316 - ETPRO CURRENT_EVENTS Fedex Phishing Landing 2018-01-16 (current_events.rules)
 2829317 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-01-16 (current_events.rules)
 2829318 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 6) (trojan.rules)
 2829319 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 9) (trojan.rules)
 2829320 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2018-01-16 (current_events.rules)


[///]     Modified active rules:     [///]

 2809267 - ETPRO TROJAN W32/TinyZBot Fake Resume Upload GET Request (Operation Cleaver) (trojan.rules)
 2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)


[---]  Disabled and modified rules:  [---]

 2814040 - ETPRO CURRENT_EVENTS Successful Wire Transfer Phish Sept 22 2015 (current_events.rules)


[---]         Removed rules:         [---]

 2828743 - ETPRO TROJAN Malicious VBScript Inbound (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>