[Emerging-updates] Daily Ruleset Update Summary 2018/07/09

Travis Green tgreen at emergingthreats.net
Mon Jul 9 12:23:15 HDT 2018


[***]            Summary:            [***]

49 new Pro. Various PHP/system exploits, Various Phish, Various Mobile.


[+++]          Added rules:          [+++]

 2816040 - ETPRO INFO Phishing Landing via Weebly.com Feb 2 M1 (info.rules)
 2816041 - ETPRO INFO Phishing Landing via Weebly.com Feb 2 M2 (info.rules)
 2816042 - ETPRO INFO Phishing Landing via Weebly.com Feb 2 M3 (info.rules)
 2816043 - ETPRO INFO Phishing Landing via Weebly.com Feb 2 M4 (info.rules)
 2831605 - ETPRO CURRENT_EVENTS Possible Powershell Loader with Base64 Encoded EXE Inbound (current_events.rules)
 2831606 - ETPRO EXPLOIT Exim Internet Mailer Remote Code Execution (exploit.rules)
 2831607 - ETPRO MOBILE_MALWARE PUP Android/SMSFlooder.Agent.CK CnC Beacon (mobile_malware.rules)
 2831608 - ETPRO EXPLOIT xdebug OS Command Execution  (exploit.rules)
 2831609 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 1 (exploit.rules)
 2831610 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 2 (exploit.rules)
 2831611 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 3 (exploit.rules)
 2831612 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 4 (exploit.rules)
 2831613 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 5 (exploit.rules)
 2831614 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 6 (exploit.rules)
 2831615 - ETPRO EXPLOIT file_put_contents php base64 encoded Remote Code Execution 1 (exploit.rules)
 2831616 - ETPRO EXPLOIT file_put_contents php base64 encoded Remote Code Execution 2 (exploit.rules)
 2831617 - ETPRO EXPLOIT file_put_contents php base64 encoded Remote Code Execution 3 (exploit.rules)
 2831618 - ETPRO EXPLOIT bin bash base64 encoded Remote Code Execution 1 (exploit.rules)
 2831619 - ETPRO EXPLOIT bin bash base64 encoded Remote Code Execution 2 (exploit.rules)
 2831620 - ETPRO EXPLOIT bin bash base64 encoded Remote Code Execution 3 (exploit.rules)
 2831621 - ETPRO EXPLOIT php script base64 encoded Remote Code Execution 1 (exploit.rules)
 2831622 - ETPRO EXPLOIT php script base64 encoded Remote Code Execution 2 (exploit.rules)
 2831623 - ETPRO EXPLOIT php script base64 encoded Remote Code Execution 3 (exploit.rules)
 2831624 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 1 (exploit.rules)
 2831625 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 2 (exploit.rules)
 2831626 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 3 (exploit.rules)
 2831627 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 4 (exploit.rules)
 2831628 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 5 (exploit.rules)
 2831629 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 6 (exploit.rules)
 2831630 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 7 (exploit.rules)
 2831631 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 8 (exploit.rules)
 2831632 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 9 (exploit.rules)
 2831633 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 1) (trojan.rules)
 2831634 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 2) (trojan.rules)
 2831635 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 3) (trojan.rules)
 2831636 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 4) (trojan.rules)
 2831637 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 5) (trojan.rules)
 2831638 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 6) (trojan.rules)
 2831639 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 7) (trojan.rules)
 2831640 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 8) (trojan.rules)
 2831641 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 9) (trojan.rules)
 2831642 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 10) (trojan.rules)
 2831643 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2018-07-09 (current_events.rules)
 2831644 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-09 (current_events.rules)
 2831645 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-07-09 (current_events.rules)
 2831646 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2018-07-09 (current_events.rules)
 2831647 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-07-09) (current_events.rules)
 2831648 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-07-09 Domain (www .casements .co .ug in TLS SNI) (current_events.rules)
 2831649 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-07-09 Domain (hertdog .site in TLS SNI) (current_events.rules)


[///]     Modified active rules:     [///]

 2815315 - ETPRO TROJAN Gootkit Malicious SSL Cert Dec 10 (trojan.rules)
 2831585 - ETPRO MALWARE Win32/InstallMonster.Adware CnC Checkin (malware.rules)


[---]         Removed rules:         [---]

 2816040 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M1 (current_events.rules)
 2816041 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M2 (current_events.rules)
 2816042 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M3 (current_events.rules)
 2816043 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M4 (current_events.rules)
 2831586 - ETPRO USER_AGENTS InstallMonster Adware User-Agent (LH_A) (user_agents.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>