[Emerging-updates] Daily Ruleset Update Summary 2018/07/10

Travis Green tgreen at emergingthreats.net
Tue Jul 10 12:31:41 HDT 2018


[***]            Summary:            [***]

5 new Open, 45 new Pro (5 + 40). Drupalgeddon2, LokiBot PowerShell
Downloader, MAPP, Various Phish, Various Mobile.

Thanks: @eSentire

July MAPP Coverage:
2831659 => CVE-2018-5028
2831660 => CVE-2018-5040
2831661 => CVE-2018-5052
2831669 => CVE-2018-12756
2831670 => CVE-2018-12789


[+++]          Added rules:          [+++]

Open:

 2025644 - ET TROJAN Possible Metasploit Payload Common Construct Bind_API
(from server) (trojan.rules)
 2025645 - ET MALWARE [eSentire] Win32/Adware.Adposhel.lgvk CnC Checkin
(malware.rules)
 2025646 - ET WEB_SPECIFIC_APPS [eSentire] Drupalgeddon2 <8.3.9 <8.4.6
<8.5.1 RCE Through Registration Form (CVE-2018-7600)
(web_specific_apps.rules)
 2025647 - ET CURRENT_EVENTS [eSentire] Fake Flash Update 2018-07-09
(current_events.rules)
 2025648 - ET CURRENT_EVENTS [eSentire] Adobe Landing 2018-07-04
(current_events.rules)

Pro:

 2830344 - ETPRO TROJAN LokiBot PowerShell Downloader User-Agent (USR-KL)
(trojan.rules)
 2831650 - ETPRO TROJAN Win32/Agent.TDK Variant CnC Checkin (trojan.rules)
 2831651 - ETPRO EXPLOIT D-Link DIR601 2.02 Credential Disclosure
(exploit.rules)
 2831652 - ETPRO WEB_SPECIFIC_APPS Elektronischer Leitz-Ordner 10 - SQL
Injection (web_specific_apps.rules)
 2831653 - ETPRO TROJAN Powerstats/Muddywater CnC Checkin (trojan.rules)
 2831654 - ETPRO TROJAN Observed Cobalt Strike CnC Domain in TLS SNI
(trojan.rules)
 2831655 - ETPRO TROJAN Observed Cobalt Strike CnC M2 Domain (wsus
.azureedge .net in TLS SNI) (trojan.rules)
 2831656 - ETPRO TROJAN Powerstats/Muddywater CnC Activity (trojan.rules)
 2831657 - ETPRO EXPLOIT HID VertX and Edge door controllers
command_blink_on Remote Command Execution (exploit.rules)
 2831658 - ETPRO SCAN HID VertX and Edge door controllers discover
(scan.rules)
 2831659 - ETPRO EXPLOIT Acrobat Pro XPS Heap Overflow Attempt
(CVE-2018-5028) (exploit.rules)
 2831660 - ETPRO WEB_CLIENT Possible Adobe PDF Acrobat Reader Heap Overflow
(CVE-2018-5040) (web_client.rules)
 2831661 - ETPRO WEB_CLIENT Possible Adobe PDF Acrobat Reader Heap Overflow
(CVE-2018-5052) (web_client.rules)
 2831662 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1
2018-07-10 (current_events.rules)
 2831663 - ETPRO EXPLOIT Adobe EMF File Memory Corruption Vulnerability
Inbound (CVE-2018-5061) (exploit.rules)
 2831664 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2
2018-07-10 (current_events.rules)
 2831665 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-07-10
(current_events.rules)
 2831666 - ETPRO CURRENT_EVENTS Successful NatWest Phish M1 2018-07-10
(current_events.rules)
 2831667 - ETPRO CURRENT_EVENTS Successful NatWest Phish M2 2018-07-10
(current_events.rules)
 2831668 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-10
(current_events.rules)
 2831669 - ETPRO EXPLOIT Adobe Reader UAF (CVE-2018-12756) (exploit.rules)
 2831670 - ETPRO EXPLOIT Adobe EMF File Memory Corruption Vulnerability
Inbound (CVE-2018-12789) (exploit.rules)
 2831671 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload 2018-07-10
(current_events.rules)
 2831672 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 1) (trojan.rules)
 2831673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 2) (trojan.rules)
 2831674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 3) (trojan.rules)
 2831675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 4) (trojan.rules)
 2831676 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 5) (trojan.rules)
 2831677 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 6) (trojan.rules)
 2831678 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 7) (trojan.rules)
 2831679 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 8) (trojan.rules)
 2831680 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 9) (trojan.rules)
 2831681 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 10) (trojan.rules)
 2831682 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 11) (trojan.rules)
 2831683 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 12) (trojan.rules)
 2831684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 13) (trojan.rules)
 2831685 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-10 14) (trojan.rules)
 2831686 - ETPRO MOBILE_MALWARE Android/Hiddad.QO CnC Beacon
(mobile_malware.rules)
 2831687 - ETPRO MOBILE_MALWARE Android/Hiddad.QO CnC Beacon 2
(mobile_malware.rules)
 2831688 - ETPRO WEB_SPECIFIC_APPS GitList Argument Injection
(web_specific_apps.rules)


[///]     Modified active rules:     [///]

 2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
 2018667 - ET TROJAN Possible Zeus P2P Variant Check-in (trojan.rules)
 2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
 2025583 - ET TROJAN [PTsecurity] PS/TrojanDownloader.Agent.NNR XORed Zip
payload (key 0x91) (trojan.rules)
 2827448 - ETPRO WEB_CLIENT Adobe Reader Memory Corruption (CVE-2017-3122,
CVE-2018-4965) (web_client.rules)


[---]         Removed rules:         [---]

 2820244 - ETPRO TROJAN Possible Metasploit Payload Common Construct
Bind_API (from server) (trojan.rules)
 2830344 - ETPRO USER_AGENTS LokiBot PowerShell Downloader User-Agent
(USR-KL) (user_agents.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>