[Emerging-updates] Daily Ruleset Update Summary 2018/01/17

Travis Green tgreen at emergingthreats.net
Wed Jan 17 12:05:57 HST 2018


[***]            Summary:            [***]

2 new Open, 15 new Pro (2 + 13). Win32.Blouiroet, Gozi/Ursnif Payload,
Downloader.Fon, Various Phishing.

Thanks: @AttackDetection


[+++]          Added rules:          [+++]

Open:

 2025204 - ET TROJAN MoneroPay Ransomware Payment Activity (trojan.rules)
 2025205 - ET TROJAN [PTsecurity] Gozi/Ursnif Payload v14 (trojan.rules)

Pro:

 2829321 - ETPRO TROJAN W32/z.wll Checkin (trojan.rules)
 2829322 - ETPRO TROJAN Downloader.Fon CnC Beacon 1 (trojan.rules)
 2829323 - ETPRO TROJAN Downloader.Fon CnC Beacon 2 (trojan.rules)
 2829324 - ETPRO CURRENT_EVENTS Possible Successful Wells Fargo Phish 2018-01-17 (current_events.rules)
 2829325 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-17 M1 (current_events.rules)
 2829326 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-17 M2 (current_events.rules)
 2829327 - ETPRO CURRENT_EVENTS Successful Banque Postale (FR) Phish 2018-01-17 (current_events.rules)
 2829328 - ETPRO TROJAN Trojan.Win32.Blouiroet CnC - Reporting Miner Status (trojan.rules)
 2829329 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-17 1) (trojan.rules)
 2829330 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-17 2) (trojan.rules)
 2829331 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-17 3) (trojan.rules)
 2829332 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-17 4) (trojan.rules)
 2829333 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-01-17 (current_events.rules)


[///]     Modified active rules:     [///]

 2820512 - ETPRO TROJAN MSIL/Zyklon/Censer Plugin DL (trojan.rules)
 2822954 - ETPRO CURRENT_EVENTS Successful Generic Phish M2 Oct 27 2016 (current_events.rules)
 2824923 - ETPRO CURRENT_EVENTS Apple Phishing Landing M1 Feb 13 2017 (current_events.rules)


[---]         Removed rules:         [---]

 2827962 - ETPRO TROJAN Malicious Domain in SNI (Backconnet RAT PWStealer Module DL) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>