[Emerging-updates] Daily Ruleset Update Summary 2018/07/25

Travis Green tgreen at emergingthreats.net
Wed Jul 25 12:23:44 HDT 2018


[***]            Summary:            [***]

19 new Open, 27 new Pro (19 + 8). OilRig QUADAGENT, MSIL/Backtrap, Various
Mobile, Phishing.

Thanks: @eSentire


[+++]          Added rules:          [+++]

Open:

 2025889 - ET USER_AGENTS VPNFilter Related UA (Gemini/2.0) (user_agents.rules)
 2025890 - ET USER_AGENTS VPNFilter Related UA (Hakai/2.0) (user_agents.rules)
 2025891 - ET TROJAN OilRig QUADAGENT CnC Domain in SNI (trojan.rules)
 2025892 - ET TROJAN Observed Malicious SSL Cert (OilRig QUADAGENT CnC) (trojan.rules)
 2025893 - ET CURRENT_EVENTS [eSentire] Successful 163 Webmail Phish 2018-07-25 (current_events.rules)
 2025894 - ET TROJAN OilRig QUADAGENT DNS Tunneling (trojan.rules)
 2025895 - ET MOBILE_MALWARE Android Golden Rat Checkin (mobile_malware.rules)
 2025896 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 6 (mobile_malware.rules)
 2025897 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 7 (mobile_malware.rules)
 2025898 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 8 (mobile_malware.rules)
 2025899 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 9 (mobile_malware.rules)
 2025900 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 10 (mobile_malware.rules)
 2025901 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 11 (mobile_malware.rules)
 2025902 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 12 (mobile_malware.rules)
 2025903 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 13 (mobile_malware.rules)
 2025904 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 14 (mobile_malware.rules)
 2025905 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 15 (mobile_malware.rules)
 2025906 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 16 (mobile_malware.rules)
 2025907 - ET EXPLOIT Oracle WebLogic Unrestricted File Upload (CVE-2018-2894) (exploit.rules)

Pro:

 2831960 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT Variant CnC Checkin (mobile_malware.rules)
 2831961 - ETPRO POLICY Observed External IP Lookup (api.ipstack .com) (policy.rules)
 2831962 - ETPRO TROJAN Ursnif Variant CnC Beacon 8 M1 (trojan.rules)
 2831963 - ETPRO TROJAN Ursnif Variant CnC Beacon 8 M2 (trojan.rules)
 2831964 - ETPRO TROJAN MSIL/Backtrap Checkin via MySQL (trojan.rules)
 2831965 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-25 1) (trojan.rules)
 2831966 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-25 2) (trojan.rules)
 2831967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-25 3) (trojan.rules)


[///]     Modified active rules:     [///]

 2831817 - ETPRO CURRENT_EVENTS Likely Malicious JS Inbound (current_events.rules)