[Emerging-updates] Daily Ruleset Update Summary 2018/07/06

Travis Green tgreen at emergingthreats.net
Fri Jul 6 11:08:27 HDT 2018


[***]            Summary:            [***]

24 new Pro. sLoad Cert, AscentorLoader, Weblogic Server Deserialization,
Various Mobile.


[+++]          Added rules:          [+++]

 2831581 - ETPRO EXPLOIT Oracle Weblogic Server Deserialization Remote Command Execution (exploit.rules)
 2831582 - ETPRO TROJAN SSL/TLS Certificate Observed (sLoad) (trojan.rules)
 2831583 - ETPRO TROJAN SSL/TLS Certificate Observed (sLoad) (trojan.rules)
 2831584 - ETPRO MOBILE_MALWARE Android.Adware.KyView CnC Checkin (mobile_malware.rules)
 2831585 - ETPRO MALWARE Win32/InstallMonster.Adware CnC Checkin (malware.rules)
 2831586 - ETPRO USER_AGENTS InstallMonster Adware User-Agent (LH_A) (user_agents.rules)
 2831587 - ETPRO TROJAN AscentorLoader HTTP Response M1 (trojan.rules)
 2831588 - ETPRO TROJAN AscentorLoader HTTP Response M2 (trojan.rules)
 2831589 - ETPRO TROJAN Cobalt Group Downloader (apstore .info in DNS Lookup) (trojan.rules)
 2831590 - ETPRO TROJAN Cobalt Group Downloader (apstore .info in TLS SNI) (trojan.rules)
 2831591 - ETPRO WEB_SPECIFIC_APPS Airties AIR5444TT - Cross-Site Scripting (web_specific_apps.rules)
 2831592 - ETPRO NETBIOS PolarisOffice Insecure Library Loading - SMB ASCII (netbios.rules)
 2831593 - ETPRO NETBIOS PolarisOffice Insecure Library Loading - SMB Unicode (netbios.rules)
 2831594 - ETPRO WEB_CLIENT PolarisOffice Insecure Library Loading (web_client.rules)
 2831595 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 1) (trojan.rules)
 2831596 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 2) (trojan.rules)
 2831597 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 3) (trojan.rules)
 2831598 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 4) (trojan.rules)
 2831599 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 5) (trojan.rules)
 2831600 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 6) (trojan.rules)
 2831601 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 7) (trojan.rules)
 2831602 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 8) (trojan.rules)
 2831603 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 9) (trojan.rules)
 2831604 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 10) (trojan.rules)


[///]     Modified active rules:     [///]

 2025091 - ET WEB_CLIENT Adobe Acrobat PDF Reader use after free JavaScript engine (CVE-2017-16393) (web_client.rules)
 2828205 - ETPRO TROJAN MSIL/Kryptik.JJC/GalaxyRAT IP Check (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>