[Emerging-updates] Daily Ruleset Update Summary 2018/07/13

Travis Green tgreen at emergingthreats.net
Fri Jul 13 12:46:26 HDT 2018


[***]            Summary:            [***]

1 new Open, 20 new Pro (1 + 19). W32/Vemply.A, Shrug Ransomware, Various
Exploit, Phish.


[+++]          Added rules:          [+++]

Open:

 2025695 - ET SHELLCODE Execve(/bin/sh) Shellcode (shellcode.rules)

Pro:

 2831753 - ETPRO TROJAN W32.WooDconn.KR Checkin (trojan.rules)
 2831754 - ETPRO TROJAN W32/Vemply.A Checkin via MySQL (trojan.rules)
 2831755 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 1) (trojan.rules)
 2831756 - ETPRO EXPLOIT Adobe Coldfusion BlazeDS Java Object
Deserialization Remote Code Execution (exploit.rules)
 2831757 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 2) (trojan.rules)
 2831758 - ETPRO CURRENT_EVENTS Successful Paypal Credit Card Phish
2018-07-13 (current_events.rules)
 2831759 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2018-07-13
(current_events.rules)
 2831760 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 3) (trojan.rules)
 2831761 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 4) (trojan.rules)
 2831762 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 5) (trojan.rules)
 2831763 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 6) (trojan.rules)
 2831764 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-13
(current_events.rules)
 2831765 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-07-13
(current_events.rules)
 2831766 - ETPRO EXPLOIT Oracle WebLogic - wls-wsat Component
Deserialization Remote Code Execution Unix (exploit.rules)
 2831767 - ETPRO EXPLOIT Oracle WebLogic - wls-wsat Component
Deserialization Remote Code Execution Windows (exploit.rules)
 2831768 - ETPRO TROJAN Win32.Banker.Banbra.ss Checkin (trojan.rules)
 2831769 - ETPRO TROJAN Possible Shrug Ransomware Checkin (trojan.rules)
 2831770 - ETPRO USER_AGENTS Suspicious UA (IP Retriever)
(user_agents.rules)
 2831771 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2018-07-13) (current_events.rules)


[///]     Modified active rules:     [///]

 2831402 - ETPRO TROJAN MSIL/Predator Stealer CnC Checkin/Exfil
(trojan.rules)


[---]         Removed rules:         [---]

 2811900 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Jul 10 2015
(current_events.rules)
 2812158 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Jul 24 2015
(current_events.rules)
 2812351 - ETPRO CURRENT_EVENTS Generic Credential Phishing Landing Aug 11
2015 (current_events.rules)
 2812511 - ETPRO CURRENT_EVENTS Bank of America Phishing Landing Aug 19
2015 (current_events.rules)
 2813009 - ETPRO CURRENT_EVENTS DHL Phish Landing Sept 14 2015
(current_events.rules)
 2814526 - ETPRO CURRENT_EVENTS Chase Account Phish Landing Oct 22
(current_events.rules)
 2814527 - ETPRO CURRENT_EVENTS AES Crypto Observed in Javascript -
Possible Phishing Landing (current_events.rules)
 2814780 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Nov 6 2015 M1
(current_events.rules)
 2814781 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Nov 6 2015 M2
(current_events.rules)
 2815112 - ETPRO CURRENT_EVENTS Excel/Adobe Online Phishing Landing Nov 25
2015 (current_events.rules)
 2815145 - ETPRO CURRENT_EVENTS Possible Chase Phishing Landing - Title
over non SSL (current_events.rules)
 2815494 - ETPRO CURRENT_EVENTS AES Crypto Observed in Javascript -
Possible Phishing Landing M1 Dec 28 2015 (current_events.rules)
 2815660 - ETPRO CURRENT_EVENTS Suspicious Wordpress Redirect - Possible
Phishing Landing Jan 7 2016 (current_events.rules)
 2816313 - ETPRO CURRENT_EVENTS Chalbhai Phishing Landing Feb 18 2016
(current_events.rules)
 2820239 - ETPRO CURRENT_EVENTS Mailbox Update Phishing Landing M1 May 16
(current_events.rules)
 2820240 - ETPRO CURRENT_EVENTS Mailbox Update Phishing Landing M2 May 16
(current_events.rules)
 2821394 - ETPRO CURRENT_EVENTS Wells Fargo Mobile Phishing Landing Aug 1
(current_events.rules)
 2821824 - ETPRO CURRENT_EVENTS Possible Office 365 Phishing Landing Aug 24
2016 (current_events.rules)
 2821881 - ETPRO INFO Suspicious Dropbox Page - Possible Phishing Landing
(info.rules)
 2821883 - ETPRO INFO Suspicious Google Docs Page - Possible Phishing
Landing (info.rules)
 2821956 - ETPRO CURRENT_EVENTS Google Drive Phish Landing Sept 1 2016
(current_events.rules)
 2823305 - ETPRO CURRENT_EVENTS Shared Document Phishing Landing Nov 16
2016 (current_events.rules)
 2823312 - ETPRO CURRENT_EVENTS Email Settings Error Phishing Landing Nov
16 2016 (current_events.rules)
 2823739 - ETPRO CURRENT_EVENTS Stripe Phishing Landing Dec 09 2016
(current_events.rules)
 2824923 - ETPRO CURRENT_EVENTS Apple Phishing Landing M1 Feb 13 2017
(current_events.rules)
 2824924 - ETPRO CURRENT_EVENTS Apple Phishing Landing M2 Feb 13 2017
(current_events.rules)
 2824969 - ETPRO CURRENT_EVENTS Microsoft Live External Link Phishing
Landing M2 Feb 14 2017 (current_events.rules)
 2825054 - ETPRO CURRENT_EVENTS Dropbox Shared Document Phishing Landing
Feb 21 2017 (current_events.rules)
 2825149 - ETPRO CURRENT_EVENTS Dropbox Phishing Landing Feb 27 2017
(current_events.rules)
 2825307 - ETPRO CURRENT_EVENTS Docusign Phishing Landing Mar 08 2017
(current_events.rules)
 2825445 - ETPRO CURRENT_EVENTS INTERAC Payment Multibank Phishing Landing
Mar 14 2017 (current_events.rules)
 2825485 - ETPRO CURRENT_EVENTS Microsoft Live Email Account Phishing
Landing Mar 16 2017 (current_events.rules)
 2825611 - ETPRO CURRENT_EVENTS Adobe Online Document Phishing Landing M1
Mar 25 2017 (current_events.rules)
 2826557 - ETPRO CURRENT_EVENTS Dropbox Phishing Landing May 31 2017
(current_events.rules)
 2826915 - ETPRO CURRENT_EVENTS Paypal Phishing Landing Jun 28 2017
(current_events.rules)
 2826990 - ETPRO CURRENT_EVENTS Chase Mobile Phishing Landing M2
(current_events.rules)
 2828385 - ETPRO CURRENT_EVENTS Chalbhai Phishing Landing Oct 23 2017
(current_events.rules)
 2828602 - ETPRO CURRENT_EVENTS Apple Phishing Landing Nov 10 2017
(current_events.rules)
 2828847 - ETPRO CURRENT_EVENTS Mailbox Shutdown Phishing Landing
2017-12-11 (current_events.rules)
 2829018 - ETPRO CURRENT_EVENTS Generic Financial Phish Landing 2017-12-21
(current_events.rules)
 2829266 - ETPRO CURRENT_EVENTS Generic Phishing Landing 2018-01-12
(current_events.rules)
 2830789 - ETPRO CURRENT_EVENTS Possible Chalbhai (Multibrand) Phishing
Landing 2018-05-10 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>