[Emerging-updates] Daily Ruleset Update Summary 2018/07/11

Travis Green tgreen at emergingthreats.net
Wed Jul 11 13:17:32 HDT 2018


[***]            Summary:            [***]

4 new Open, 41 new Pro (5 + 36). Danabot HTTP Checkin, CVE-2018-5008,
Various Phish, Various Mobile.

Thanks: @eSentire


[+++]          Added rules:          [+++]

Open:

 2025649 - ET EXPLOIT Possible ETERNALBLUE MSF Probe MS17-010 (exploit.rules)
 2025650 - ET EXPLOIT Possible ETERNALBLUE MSF Probe Vulnerable System Response MS17-010 (exploit.rules)
 2025651 - ET TROJAN [eSentire] Unknown Banker CnC Command (DOWNLOAD) (trojan.rules)
 2025652 - ET TROJAN [eSentire] Unknown Banker CnC Checkin (trojan.rules)

Pro:

 2831689 - ETPRO EXPLOIT Flash Player OOB Read (CVE-2018-5008) (exploit.rules)
 2831690 - ETPRO TROJAN Danabot HTTP Checkin (trojan.rules)
 2831691 - ETPRO MOBILE_MALWARE Android.SMSReg.AIP Variant CnC Checkin (mobile_malware.rules)
 2831692 - ETPRO POLICY Base64 Encoded EXE Inbound M1 (policy.rules)
 2831693 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-07-11 (current_events.rules)
 2831694 - ETPRO POLICY Base64 Encoded EXE Inbound M2 (policy.rules)
 2831695 - ETPRO POLICY Base64 Encoded EXE Inbound M3 (policy.rules)
 2831696 - ETPRO POLICY Base64 Encoded EXE Inbound M4 (policy.rules)
 2831697 - ETPRO POLICY Base64 Encoded EXE Inbound M5 (policy.rules)
 2831698 - ETPRO POLICY Base64 Encoded EXE Inbound M6 (policy.rules)
 2831699 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-07-11 (current_events.rules)
 2831700 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-07-11 (current_events.rules)
 2831701 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-11 (current_events.rules)
 2831702 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-11 (current_events.rules)
 2831703 - ETPRO NETBIOS Microsoft Windows RRAS SMB Remote Code Execution (netbios.rules)
 2831704 - ETPRO CURRENT_EVENTS Successful Caisse d'Epargne Phish M1 2018-07-11 (current_events.rules)
 2831705 - ETPRO CURRENT_EVENTS Successful Caisse d'Epargne Phish M2 2018-07-11 (current_events.rules)
 2831706 - ETPRO MOBILE_MALWARE Android.Trojan.MisoSMS.A Reporting Infection via SMTP (mobile_malware.rules)
 2831707 - ETPRO WEB_SPECIFIC_APPS Dicoogle PACS 2.5.0 - Directory Traversal (web_specific_apps.rules)
 2831708 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 1) (trojan.rules)
 2831709 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 2) (trojan.rules)
 2831710 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 3) (trojan.rules)
 2831711 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 4) (trojan.rules)
 2831712 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 5) (trojan.rules)
 2831713 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 6) (trojan.rules)
 2831714 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 7) (trojan.rules)
 2831715 - ETPRO EXPLOIT IBM QRadar SIEM Unauthenticated Remote Code Execution (exploit.rules)
 2831716 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 8) (trojan.rules)
 2831717 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 9) (trojan.rules)
 2831718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 10) (trojan.rules)
 2831719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 11) (trojan.rules)
 2831720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 12) (trojan.rules)
 2831721 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 13) (trojan.rules)
 2831722 - ETPRO TROJAN Korozya Miner CnC Activity (trojan.rules)
 2831723 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-11) (trojan.rules)
 2831724 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-11 2) (trojan.rules)


[///]     Modified active rules:     [///]

 2021747 - ET TROJAN Win32.Spy/TVRat Checkin (trojan.rules)
 2024217 - ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray (exploit.rules)
 2025648 - ET CURRENT_EVENTS [eSentire] Adobe Phishing Landing 2018-07-04 (current_events.rules)
 2821591 - ETPRO TROJAN Win32.Spy/TVRat Checkin 2 (trojan.rules)
 2827448 - ETPRO WEB_CLIENT Adobe Reader Memory Corruption (CVE-2017-3122, CVE-2018-4965) (web_client.rules)
 2829620 - ETPRO TROJAN Chthonic CnC Beacon Generic M1 (trojan.rules)
 2830344 - ETPRO TROJAN LokiBot PowerShell Downloader User-Agent (USR-KL) (trojan.rules)
 2831193 - ETPRO EXPLOIT Flash Player Integer Overflow Inbound (CVE-2018-5000) (exploit.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>