[Emerging-updates] Daily Ruleset Update Summary 2018/01/24

Travis Green tgreen at emergingthreats.net
Wed Jan 24 12:07:24 HST 2018


[***]            Summary:            [***]

35 new Pro. Mirai Variant DNS, RubyMiner, BlackTDS, Various Mobile, Various Phishing.


[+++]          Added rules:          [+++]

 2829395 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2018-01-24 (current_events.rules)
 2829396 - ETPRO MOBILE_MALWARE Android/Agent.AKX / Trojan-Spy.AndroidOS.Agent.oe Checkin 3 (mobile_malware.rules)
 2829397 - ETPRO CURRENT_EVENTS Malicious VBScript Inbound (dropping XMRig) (current_events.rules)
 2829398 - ETPRO INFO Possibly Malicious VBScript Executing WScript.Shell Run Method (info.rules)
 2829399 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 1) (trojan.rules)
 2829400 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 2) (trojan.rules)
 2829401 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 3) (trojan.rules)
 2829402 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 4) (trojan.rules)
 2829403 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 5) (trojan.rules)
 2829404 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc Payload 2018-01-23) (current_events.rules)
 2829405 - ETPRO POLICY External IP Address Lookup (policy.rules)
 2829406 - ETPRO TROJAN Remcos DNS Lookup (trojan.rules)
 2829407 - ETPRO TROJAN Mirai Variant DNS Lookup M1 (trojan.rules)
 2829408 - ETPRO TROJAN Mirai Variant DNS Lookup M2 (trojan.rules)
 2829409 - ETPRO TROJAN Mirai Variant DNS Lookup M3 (trojan.rules)
 2829410 - ETPRO TROJAN Mirai Variant DNS Lookup M4 (trojan.rules)
 2829411 - ETPRO TROJAN Mirai Variant DNS Lookup M5 (trojan.rules)
 2829412 - ETPRO TROJAN Mirai Variant DNS Lookup M6 (trojan.rules)
 2829413 - ETPRO TROJAN Mirai Variant DNS Lookup M7 (trojan.rules)
 2829414 - ETPRO TROJAN Mirai Variant DNS Lookup M8 (trojan.rules)
 2829415 - ETPRO TROJAN Mirai Variant DNS Lookup M9 (trojan.rules)
 2829416 - ETPRO TROJAN Mirai Variant DNS Lookup M10 (trojan.rules)
 2829417 - ETPRO TROJAN Mirai Variant DNS Lookup M11 (trojan.rules)
 2829418 - ETPRO TROJAN Mirai Variant DNS Lookup M12 (trojan.rules)
 2829419 - ETPRO TROJAN Mirai Variant DNS Lookup M13 (trojan.rules)
 2829420 - ETPRO TROJAN Mirai Variant DNS Lookup M14 (trojan.rules)
 2829421 - ETPRO TROJAN Mirai Variant DNS Lookup M15 (trojan.rules)
 2829422 - ETPRO TROJAN Mirai Variant DNS Lookup M16 (trojan.rules)
 2829423 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 1 (trojan.rules)
 2829424 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 2 (trojan.rules)
 2829425 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 3 (trojan.rules)
 2829426 - ETPRO CURRENT_EVENTS BlackTDS SocEng Fake Java Update (current_events.rules)
 2829427 - ETPRO CURRENT_EVENTS BlackTDS Favicon Inbound - SocEng Related (current_events.rules)
 2829428 - ETPRO CURRENT_EVENTS BlackTDS Cookie Set (current_events.rules)
 2829429 - ETPRO TROJAN Win32/Sathurbot.AN Checkin M1 (trojan.rules)


[///]     Modified active rules:     [///]

 2025238 - ET INFO Base64 Encoded powershell.exe in HTTP Response M1 (info.rules)
 2826455 - ETPRO MOBILE_MALWARE Android/Agent.AKX Checkin (mobile_malware.rules)
 2828734 - ETPRO TROJAN Powerstats C2 (trojan.rules)

-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>