[Emerging-updates] Daily Ruleset Update Summary 2018/07/30

Travis Green tgreen at emergingthreats.net
Mon Jul 30 12:16:28 HDT 2018


[***]            Summary:            [***]

1 new Open, 26 new Pro (1 + 25). Win32/PredatorStealer, Aurora Ransomware,
Various Mobile, Phishing.


[+++]          Added rules:          [+++]

Open:

 2025919 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-07-30
(current_events.rules)

Pro:

 2831993 - ETPRO CURRENT_EVENTS Possible Coin Miner Downloader Retrieving
EXE Payload (cpu32) (current_events.rules)
 2831994 - ETPRO CURRENT_EVENTS Possible Coin Miner Downloader Retrieving
Payload (cpu64) (current_events.rules)
 2831995 - ETPRO TROJAN Win32/PredatorStealer Sending Data to CnC
(trojan.rules)
 2831996 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-30
(current_events.rules)
 2831997 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.jg Device Info Exfil
(mobile_malware.rules)
 2831998 - ETPRO TROJAN Unknown APT VBS/PS/VBA Downloader (trojan.rules)
 2831999 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2018-07-30) (current_events.rules)
 2832000 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2018-07-30 2) (current_events.rules)
 2832001 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
 2832002 - ETPRO TROJAN Aurora Ransomware CnC Checkin (trojan.rules)
 2832003 - ETPRO MOBILE_MALWARE Android.Adware.Agent.KX CnC Beacon
(mobile_malware.rules)
 2832004 - ETPRO TROJAN RootService RCS CnC Activity (trojan.rules)
 2832005 - ETPRO TROJAN Win32.Neshta.a Checkin (trojan.rules)
 2832006 - ETPRO TROJAN Win32.Occamy.B Checkin (trojan.rules)
 2832007 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 1) (trojan.rules)
 2832008 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 2) (trojan.rules)
 2832009 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 3) (trojan.rules)
 2832010 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 4) (trojan.rules)
 2832011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 5) (trojan.rules)
 2832012 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 6) (trojan.rules)
 2832013 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 7) (trojan.rules)
 2832014 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 8) (trojan.rules)
 2832015 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 9) (trojan.rules)
 2832016 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 10) (trojan.rules)
 2832017 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-30 11) (trojan.rules)


[///]     Modified active rules:     [///]

 2024108 - ET TROJAN KHRAT DragonOK DNS Lookup (inter-ctrip .com)
(trojan.rules)
 2025880 - ET CURRENT_EVENTS Volexity - JS Sniffer Data Theft Beacon
Detected (current_events.rules)
 2827749 - ETPRO TROJAN IDKEY/Ghoul Banker Checkin (trojan.rules)
 2827750 - ETPRO TROJAN IDKEY/Ghoul Banker Exfil System Info (trojan.rules)
 2830717 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 7) (trojan.rules)


[---]         Removed rules:         [---]


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>