[Emerging-updates] Daily Ruleset Update Summary 2018/01/23

Travis Green tgreen at emergingthreats.net
Tue Jan 23 14:14:50 HST 2018


[***]            Summary:            [***]

5 new Open, 22 new Pro (5 + 17). Win32/QwertMiner, MSIL/XanaduMiner,
Emrethob CnC, Various Phishing.

Thanks: @MalwrHunterTeam


 [+++]          Added rules:          [+++]

  Open:

  2025242 - ET CURRENT_EVENTS Blocked Incoming Emails Phishing Landing 2018-01-23 (current_events.rules)
  2025243 - ET CURRENT_EVENTS ABSA Online Phishing Landing 2018-01-23 (current_events.rules)
  2025244 - ET CURRENT_EVENTS AT&T Phishing Landing 2018-01-23 (current_events.rules)
  2025245 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-01-23 (current_events.rules)
  2025246 - ET CURRENT_EVENTS LCL Banque et Assurance (FR) Phishing Landing 2018-01-23 (current_events.rules)

  Pro:

  2829377 - ETPRO TROJAN Samsam Payment Domain Observed (jcmi5n4c3mvgtyt5 in DNS Lookup) (trojan.rules)
  2829378 - ETPRO TROJAN Win32/QwertMiner CnC Checkin (trojan.rules)
  2829379 - ETPRO TROJAN MSIL/XanaduMiner CnC Checkin (trojan.rules)
  2829381 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2018-01-23 (current_events.rules)
  2829382 - ETPRO TROJAN CrimeScene IRC Bot Checkin (trojan.rules)
  2829383 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc Payload 2018-01-23) (current_events.rules)
  2829384 - ETPRO EXPLOIT Possible CVE-2017-11882 MS Equation 3.0 OLE Component Buffer Overflow Attempt M1 (exploit.rules)
  2829385 - ETPRO EXPLOIT Possible CVE-2017-11882 MS Equation 3.0 OLE Component Buffer Overflow Attempt M2 (exploit.rules)
  2829386 - ETPRO EXPLOIT Possible CVE-2017-11882 MS Equation 3.0 OLE Component Buffer Overflow Attempt M3 (exploit.rules)
  2829387 - ETPRO EXPLOIT Possible CVE-2017-11882 MS Equation 3.0 OLE Component Buffer Overflow Attempt M4 (exploit.rules)
  2829388 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-23 1) (trojan.rules)
  2829389 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-23 2) (trojan.rules)
  2829390 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-23 3) (trojan.rules)
  2829391 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-23 4) (trojan.rules)
  2829392 - ETPRO CURRENT_EVENTS Successful Oracle/PeopleSoft Phish 2018-01-23 (current_events.rules)
  2829393 - ETPRO TROJAN Emrethob CnC Check-in (trojan.rules)
  2829394 - ETPRO TROJAN Emrethob CnC Heartbeat (trojan.rules)


 [///]     Modified active rules:     [///]

  2828914 - ETPRO TROJAN MSIL/Hon.DoS.Tool CnC Checkin (trojan.rules)
  2829231 - ETPRO TROJAN Win32/Smominru Coinminer Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>