[Emerging-updates] Daily Ruleset Update Summary 2018/07/23

Travis Green tgreen at emergingthreats.net
Mon Jul 23 13:25:49 HDT 2018


[***]            Summary:            [***]

6 new Open, 34 new Pro (6 + 28). JS Sniffer, AZORult Variant.4,
SurveyLocker, Various Phish, Mobile.

Thanks: @James_inthe_box


[+++]          Added rules:          [+++]

Open:

 2025880 - ET CURRENT_EVENTS Volexity – JS Sniffer Data Theft Beacon Detected (current_events.rules)
 2025881 - ET CURRENT_EVENTS JS Sniffer Framework Sending to CnC (current_events.rules)
 2025882 - ET EXPLOIT MVPower DVR Shell UCE MSF Check (exploit.rules)
 2025883 - ET EXPLOIT MVPower DVR Shell UCE (exploit.rules)
 2025884 - ET EXPLOIT Multiple CCTV-DVR Vendors RCE (exploit.rules)
 2025885 - ET TROJAN AZORult Variant.4 Checkin (trojan.rules)

Pro:

 2831925 - ETPRO USER_AGENTS Suspicious User-Agent (MyUserAgent) (user_agents.rules)
 2831926 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BPU Variant Requesting Config (mobile_malware.rules)
 2831927 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BPU Receiving Config Including Payload Address (mobile_malware.rules)
 2831928 - ETPRO TROJAN NSIS/Alina Checkin 3 (trojan.rules)
 2831929 - ETPRO MOBILE_MALWARE Android/Agent.AHU CnC Checkin (mobile_malware.rules)
 2831930 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 374 (mobile_malware.rules)
 2831931 - ETPRO MOBILE_MALWARE AndroidOS/Agent.CH CnC Beacon (mobile_malware.rules)
 2831932 - ETPRO TROJAN Win32/CoinMiner.Downloader Retreiving Payloads and Configs (trojan.rules)
 2831933 - ETPRO MOBILE_MALWARE AndroidOS/Shenghuo CnC Beacon (mobile_malware.rules)
 2831934 - ETPRO MOBILE_MALWARE AndroidOS/ParaLoan CnC Beacon (mobile_malware.rules)
 2831935 - ETPRO MOBILE_MALWARE Android-Trojan/Downloader.907ce Checkin (mobile_malware.rules)
 2831936 - ETPRO TROJAN AZORult Variant.4 XORed Download (trojan.rules)
 2831937 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 1) (trojan.rules)
 2831938 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 2) (trojan.rules)
 2831939 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 3) (trojan.rules)
 2831940 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 4) (trojan.rules)
 2831941 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 5) (trojan.rules)
 2831942 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 6) (trojan.rules)
 2831943 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 7) (trojan.rules)
 2831944 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 8) (trojan.rules)
 2831945 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 9) (trojan.rules)
 2831946 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 10) (trojan.rules)
 2831947 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 11) (trojan.rules)
 2831948 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload M1 2018-07-23 (current_events.rules)
 2831949 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 12) (trojan.rules)
 2831950 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload M2 2018-07-23 (current_events.rules)
 2831951 - ETPRO TROJAN SurveyLocker Activity (trojan.rules)
 2831952 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7/Carbanak CnC) (trojan.rules)


[///]     Modified active rules:     [///]

 2810276 - ETPRO TROJAN Azorult CnC Beacon (trojan.rules)



-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>