[Emerging-updates] Daily Ruleset Update Summary 2018/07/18

Travis Green tgreen at emergingthreats.net
Wed Jul 18 13:02:27 HDT 2018


[***]            Summary:            [***]

23 new Pro. SocEng Redirect, MSIL/Unk.BroswerStealer, Various Phish, Mobile.


[+++]          Added rules:          [+++]

 2831859 - ETPRO TROJAN Powershell Commands Determining OS and Downloading Additional Powershell (trojan.rules)
 2831860 - ETPRO TROJAN Zeus Panda SSL/TLS Certificate Observed (trojan.rules)
 2831861 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (846bd) (current_events.rules)
 2831862 - ETPRO CURRENT_EVENTS Successful Generic Res Phish 2018-07-18 (current_events.rules)
 2831863 - ETPRO TROJAN Win32/Troibomb.B CnC Beacon (trojan.rules)
 2831864 - ETPRO CURRENT_EVENTS Successful Made in China Phish 2018-07-18 (current_events.rules)
 2831865 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
 2831866 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
 2831867 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-18 (current_events.rules)
 2831868 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-07-18 (current_events.rules)
 2831869 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
 2831870 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
 2831871 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
 2831872 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-07-18 (current_events.rules)
 2831873 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 1) (trojan.rules)
 2831874 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 2) (trojan.rules)
 2831875 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 3) (trojan.rules)
 2831876 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 4) (trojan.rules)
 2831877 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 5) (trojan.rules)
 2831878 - ETPRO TROJAN MSIL/Unk.BroswerStealer CnC Exfil (trojan.rules)
 2831879 - ETPRO MOBILE_MALWARE Android Riskware ComicDim CnC Beacon (mobile_malware.rules)
 2831880 - ETPRO MOBILE_MALWARE Android.Trojan.PjApps.A CnC Beacon (mobile_malware.rules)
 2831881 - ETPRO MOBILE_MALWARE PUP Android/Autoins.C CnC Beacon (mobile_malware.rules)


[///]     Modified active rules:     [///]

 2021697 - ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious (trojan.rules)
 2025392 - ET TROJAN QRat.Java.RAT Checkin Response (trojan.rules)
 2025719 - ET POLICY Powershell Activity Over SMB - Likely Lateral Movement (policy.rules)
 2025720 - ET POLICY Powershell Command With Hidden Window Argument Over SMB - Likely Lateral Movement (policy.rules)
 2025721 - ET POLICY Powershell Command With Encoded Argument Over SMB - Likely Lateral Movement (policy.rules)
 2025722 - ET POLICY Powershell Command With No Profile Argument Over SMB - Likely Lateral Movement (policy.rules)
 2025723 - ET POLICY Powershell Command With Execution Bypass Argument Over SMB - Likely Lateral Movement (policy.rules)
 2025724 - ET POLICY Powershell Command With NonInteractive Argument Over SMB - Likely Lateral Movement (policy.rules)
 2025725 - ET POLICY RunDll Request Over SMB - Likely Lateral Movement (policy.rules)
 2025726 - ET POLICY WMIC WMI Request Over SMB - Likely Lateral Movement (policy.rules)
 2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
 2830811 - ETPRO TROJAN Possible Qbot SSL Cert (trojan.rules)
 2831446 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (529a0) (current_events.rules)


[---]         Removed rules:         [---]

 2022239 - ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious (trojan.rules)
 2812818 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 3 (trojan.rules)



-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>