[Emerging-updates] Daily Ruleset Update Summary 2018/07/12

Travis Green tgreen at emergingthreats.net
Thu Jul 12 12:13:24 HDT 2018


[***]            Summary:            [***]

28 new Pro. MSIL/BoseBot, Win32.Kolovorot, Win32/RovnixLoader, Various
Phish.


[+++]          Added rules:          [+++]

Pro:

 2831725 - ETPRO WEB_SPECIFIC_APPS cmd powershell base64 encoded to Web
Server 1 (web_specific_apps.rules)
 2831726 - ETPRO WEB_SPECIFIC_APPS cmd powershell base64 encoded to Web
Server 2 (web_specific_apps.rules)
 2831727 - ETPRO WEB_SPECIFIC_APPS cmd powershell base64 encoded to Web
Server 3 (web_specific_apps.rules)
 2831728 - ETPRO WEB_SPECIFIC_APPS GitStack - Unsanitized Argument Remote
Code Execution (web_specific_apps.rules)
 2831729 - ETPRO EXPLOIT ZyXEL PK5001Z Backdoor Account Used By HNS Inbound
(CVE-2016-10401) (exploit.rules)
 2831730 - ETPRO TROJAN Win32/RovnixLoader Checkin M2 (trojan.rules)
 2831731 - ETPRO MALWARE PUP.W32.Regaid.KR Checkin via MySQL (malware.rules)
 2831732 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Phish
2018-07-12 (current_events.rules)
 2831733 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-07-12
(current_events.rules)
 2831734 - ETPRO CURRENT_EVENTS Successful International Card Services
Phish 2018-07-12 (current_events.rules)
 2831735 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-07-12
(current_events.rules)
 2831736 - ETPRO CURRENT_EVENTS Successful Banco do Estado de Sergipe S.A.
Phish 2018-07-12 (current_events.rules)
 2831737 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-07-12
(current_events.rules)
 2831738 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2018-07-12
(current_events.rules)
 2831739 - ETPRO TROJAN Win32.Kolovorot Checkin M1 (trojan.rules)
 2831740 - ETPRO CURRENT_EVENTS Successful Possible Excel Online Phish
2018-07-12 (current_events.rules)
 2831741 - ETPRO CURRENT_EVENTS Successful TSB Banking Phish 2018-07-12
(current_events.rules)
 2831742 - ETPRO CURRENT_EVENTS Successful Bank Austria Phish 2018-07-12
(current_events.rules)
 2831743 - ETPRO CURRENT_EVENTS Successful Stripe Banking Phish 2018-07-12
(current_events.rules)
 2831744 - ETPRO EXPLOIT SAP NetWeaver AS JAVA CRM - Log injection Remote
Command Execution (exploit.rules)
 2831745 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-12)
(trojan.rules)
 2831746 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 1) (trojan.rules)
 2831747 - ETPRO TROJAN MSIL/BoseBot CnC Checkin (trojan.rules)
 2831748 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 2) (trojan.rules)
 2831749 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 3) (trojan.rules)
 2831750 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 4) (trojan.rules)
 2831751 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 5) (trojan.rules)
 2831752 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 6) (trojan.rules)


[///]     Modified active rules:     [///]

 2022658 - ET CURRENT_EVENTS Possible Malicious Macro DL EXE Feb 2016
(WinHTTPRequest) (current_events.rules)
 2808245 - ETPRO TROJAN Win32.Agent.agpdx Checkin (trojan.rules)
 2830220 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2018-04-02 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>