[Emerging-updates] Daily Ruleset Update Summary 2018/06/07

Travis Green tgreen at emergingthreats.net
Thu Jun 7 12:10:20 HDT 2018


[***]            Summary:            [***]

14 new Pro. CVE-2018-5002, Meterpreter over TCP DNS, Various Phish.


[+++]          Added rules:          [+++]

2828823 - ETPRO INFO Suspicious Terse SSL Cert (Observed used by Powershell
Empire) (info.rules)
2831178 - ETPRO TROJAN SSL/TLS Certificate Observed (Ursnif) (trojan.rules)
2831179 - ETPRO TROJAN Observed Meterpreter Communications over TCP DNS
(trojan.rules)
2831180 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-07 Domain (www
.dfib .net in TLS SNI) (current_events.rules)
2831181 - ETPRO EXPLOIT Flash Player OOB Write (CVE-2018-5002)
(exploit.rules)
2831182 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2018-06-07 2) (current_events.rules)
2831183 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone/Ursnif CnC)
(trojan.rules)
2831184 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-06-07
(current_events.rules)
2831185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-07 1) (trojan.rules)
2831186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-07 2) (trojan.rules)
2831187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-07 3) (trojan.rules)
2831188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-07 4) (trojan.rules)
2831189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-07 5) (trojan.rules)
2831190 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2018-06-07 (current_events.rules)


[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
2403300 - ET CINS Active Threat Intelligence Poor Reputation IP group 1
(ciarmy.rules)
2403301 - ET CINS Active Threat Intelligence Poor Reputation IP group 2
(ciarmy.rules)
2403302 - ET CINS Active Threat Intelligence Poor Reputation IP group 3
(ciarmy.rules)
2403303 - ET CINS Active Threat Intelligence Poor Reputation IP group 4
(ciarmy.rules)
2403304 - ET CINS Active Threat Intelligence Poor Reputation IP group 5
(ciarmy.rules)
2403305 - ET CINS Active Threat Intelligence Poor Reputation IP group 6
(ciarmy.rules)
2403306 - ET CINS Active Threat Intelligence Poor Reputation IP group 7
(ciarmy.rules)
2403307 - ET CINS Active Threat Intelligence Poor Reputation IP group 8
(ciarmy.rules)
2403308 - ET CINS Active Threat Intelligence Poor Reputation IP group 9
(ciarmy.rules)
2403309 - ET CINS Active Threat Intelligence Poor Reputation IP group 10
(ciarmy.rules)
2403310 - ET CINS Active Threat Intelligence Poor Reputation IP group 11
(ciarmy.rules)
2403311 - ET CINS Active Threat Intelligence Poor Reputation IP group 12
(ciarmy.rules)
2403312 - ET CINS Active Threat Intelligence Poor Reputation IP group 13
(ciarmy.rules)
2403313 - ET CINS Active Threat Intelligence Poor Reputation IP group 14
(ciarmy.rules)
2403314 - ET CINS Active Threat Intelligence Poor Reputation IP group 15
(ciarmy.rules)
2403315 - ET CINS Active Threat Intelligence Poor Reputation IP group 16
(ciarmy.rules)
2403316 - ET CINS Active Threat Intelligence Poor Reputation IP group 17
(ciarmy.rules)
2403317 - ET CINS Active Threat Intelligence Poor Reputation IP group 18
(ciarmy.rules)
2403318 - ET CINS Active Threat Intelligence Poor Reputation IP group 19
(ciarmy.rules)
2403319 - ET CINS Active Threat Intelligence Poor Reputation IP group 20
(ciarmy.rules)
2403320 - ET CINS Active Threat Intelligence Poor Reputation IP group 21
(ciarmy.rules)
2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22
(ciarmy.rules)
2403322 - ET CINS Active Threat Intelligence Poor Reputation IP group 23
(ciarmy.rules)
2403323 - ET CINS Active Threat Intelligence Poor Reputation IP group 24
(ciarmy.rules)
2403324 - ET CINS Active Threat Intelligence Poor Reputation IP group 25
(ciarmy.rules)
2403325 - ET CINS Active Threat Intelligence Poor Reputation IP group 26
(ciarmy.rules)
2403326 - ET CINS Active Threat Intelligence Poor Reputation IP group 27
(ciarmy.rules)
2403327 - ET CINS Active Threat Intelligence Poor Reputation IP group 28
(ciarmy.rules)
2403328 - ET CINS Active Threat Intelligence Poor Reputation IP group 29
(ciarmy.rules)
2403329 - ET CINS Active Threat Intelligence Poor Reputation IP group 30
(ciarmy.rules)
2403330 - ET CINS Active Threat Intelligence Poor Reputation IP group 31
(ciarmy.rules)
2403331 - ET CINS Active Threat Intelligence Poor Reputation IP group 32
(ciarmy.rules)
2403332 - ET CINS Active Threat Intelligence Poor Reputation IP group 33
(ciarmy.rules)
2403333 - ET CINS Active Threat Intelligence Poor Reputation IP group 34
(ciarmy.rules)
2403334 - ET CINS Active Threat Intelligence Poor Reputation IP group 35
(ciarmy.rules)
2403335 - ET CINS Active Threat Intelligence Poor Reputation IP group 36
(ciarmy.rules)
2403336 - ET CINS Active Threat Intelligence Poor Reputation IP group 37
(ciarmy.rules)
2403337 - ET CINS Active Threat Intelligence Poor Reputation IP group 38
(ciarmy.rules)
2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39
(ciarmy.rules)
2403339 - ET CINS Active Threat Intelligence Poor Reputation IP group 40
(ciarmy.rules)
2403340 - ET CINS Active Threat Intelligence Poor Reputation IP group 41
(ciarmy.rules)
2403341 - ET CINS Active Threat Intelligence Poor Reputation IP group 42
(ciarmy.rules)
2403342 - ET CINS Active Threat Intelligence Poor Reputation IP group 43
(ciarmy.rules)
2403343 - ET CINS Active Threat Intelligence Poor Reputation IP group 44
(ciarmy.rules)
2403344 - ET CINS Active Threat Intelligence Poor Reputation IP group 45
(ciarmy.rules)
2403345 - ET CINS Active Threat Intelligence Poor Reputation IP group 46
(ciarmy.rules)
2403346 - ET CINS Active Threat Intelligence Poor Reputation IP group 47
(ciarmy.rules)
2403347 - ET CINS Active Threat Intelligence Poor Reputation IP group 48
(ciarmy.rules)
2403348 - ET CINS Active Threat Intelligence Poor Reputation IP group 49
(ciarmy.rules)
2403349 - ET CINS Active Threat Intelligence Poor Reputation IP group 50
(ciarmy.rules)
2403350 - ET CINS Active Threat Intelligence Poor Reputation IP group 51
(ciarmy.rules)
2403351 - ET CINS Active Threat Intelligence Poor Reputation IP group 52
(ciarmy.rules)
2403352 - ET CINS Active Threat Intelligence Poor Reputation IP group 53
(ciarmy.rules)
2403353 - ET CINS Active Threat Intelligence Poor Reputation IP group 54
(ciarmy.rules)
2403354 - ET CINS Active Threat Intelligence Poor Reputation IP group 55
(ciarmy.rules)
2403355 - ET CINS Active Threat Intelligence Poor Reputation IP group 56
(ciarmy.rules)
2403356 - ET CINS Active Threat Intelligence Poor Reputation IP group 57
(ciarmy.rules)
2403357 - ET CINS Active Threat Intelligence Poor Reputation IP group 58
(ciarmy.rules)
2403358 - ET CINS Active Threat Intelligence Poor Reputation IP group 59
(ciarmy.rules)
2403359 - ET CINS Active Threat Intelligence Poor Reputation IP group 60
(ciarmy.rules)
2403360 - ET CINS Active Threat Intelligence Poor Reputation IP group 61
(ciarmy.rules)
2403361 - ET CINS Active Threat Intelligence Poor Reputation IP group 62
(ciarmy.rules)
2403362 - ET CINS Active Threat Intelligence Poor Reputation IP group 63
(ciarmy.rules)
2403363 - ET CINS Active Threat Intelligence Poor Reputation IP group 64
(ciarmy.rules)
2403364 - ET CINS Active Threat Intelligence Poor Reputation IP group 65
(ciarmy.rules)
2403365 - ET CINS Active Threat Intelligence Poor Reputation IP group 66
(ciarmy.rules)
2403366 - ET CINS Active Threat Intelligence Poor Reputation IP group 67
(ciarmy.rules)
2403367 - ET CINS Active Threat Intelligence Poor Reputation IP group 68
(ciarmy.rules)
2403368 - ET CINS Active Threat Intelligence Poor Reputation IP group 69
(ciarmy.rules)
2403369 - ET CINS Active Threat Intelligence Poor Reputation IP group 70
(ciarmy.rules)
2403370 - ET CINS Active Threat Intelligence Poor Reputation IP group 71
(ciarmy.rules)
2403371 - ET CINS Active Threat Intelligence Poor Reputation IP group 72
(ciarmy.rules)
2403372 - ET CINS Active Threat Intelligence Poor Reputation IP group 73
(ciarmy.rules)
2403373 - ET CINS Active Threat Intelligence Poor Reputation IP group 74
(ciarmy.rules)
2403374 - ET CINS Active Threat Intelligence Poor Reputation IP group 75
(ciarmy.rules)
2403375 - ET CINS Active Threat Intelligence Poor Reputation IP group 76
(ciarmy.rules)
2403376 - ET CINS Active Threat Intelligence Poor Reputation IP group 77
(ciarmy.rules)
2403377 - ET CINS Active Threat Intelligence Poor Reputation IP group 78
(ciarmy.rules)
2403378 - ET CINS Active Threat Intelligence Poor Reputation IP group 79
(ciarmy.rules)
2403379 - ET CINS Active Threat Intelligence Poor Reputation IP group 80
(ciarmy.rules)
2403380 - ET CINS Active Threat Intelligence Poor Reputation IP group 81
(ciarmy.rules)
2403381 - ET CINS Active Threat Intelligence Poor Reputation IP group 82
(ciarmy.rules)
2403382 - ET CINS Active Threat Intelligence Poor Reputation IP group 83
(ciarmy.rules)
2403383 - ET CINS Active Threat Intelligence Poor Reputation IP group 84
(ciarmy.rules)
2403384 - ET CINS Active Threat Intelligence Poor Reputation IP group 85
(ciarmy.rules)
2403385 - ET CINS Active Threat Intelligence Poor Reputation IP group 86
(ciarmy.rules)
2403386 - ET CINS Active Threat Intelligence Poor Reputation IP group 87
(ciarmy.rules)
2403387 - ET CINS Active Threat Intelligence Poor Reputation IP group 88
(ciarmy.rules)
2403388 - ET CINS Active Threat Intelligence Poor Reputation IP group 89
(ciarmy.rules)
2403389 - ET CINS Active Threat Intelligence Poor Reputation IP group 90
(ciarmy.rules)
2403390 - ET CINS Active Threat Intelligence Poor Reputation IP group 91
(ciarmy.rules)
2403391 - ET CINS Active Threat Intelligence Poor Reputation IP group 92
(ciarmy.rules)
2403392 - ET CINS Active Threat Intelligence Poor Reputation IP group 93
(ciarmy.rules)
2403393 - ET CINS Active Threat Intelligence Poor Reputation IP group 94
(ciarmy.rules)
2403394 - ET CINS Active Threat Intelligence Poor Reputation IP group 95
(ciarmy.rules)
2403395 - ET CINS Active Threat Intelligence Poor Reputation IP group 96
(ciarmy.rules)
2403396 - ET CINS Active Threat Intelligence Poor Reputation IP group 97
(ciarmy.rules)
2403397 - ET CINS Active Threat Intelligence Poor Reputation IP group 98
(ciarmy.rules)
2403398 - ET CINS Active Threat Intelligence Poor Reputation IP group 99
(ciarmy.rules)
2403399 - ET CINS Active Threat Intelligence Poor Reputation IP group 100
(ciarmy.rules)
2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1
(botcc.portgrouped.rules)
2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1
(botcc.portgrouped.rules)
2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1
(botcc.portgrouped.rules)
2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1
(botcc.portgrouped.rules)
2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1
(botcc.portgrouped.rules)
2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1
(botcc.portgrouped.rules)
2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1
(botcc.portgrouped.rules)
2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1
(botcc.portgrouped.rules)
2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1
(botcc.portgrouped.rules)
2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1
(botcc.portgrouped.rules)
2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1
(botcc.portgrouped.rules)
2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1
(botcc.portgrouped.rules)
2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1
(botcc.portgrouped.rules)
2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1
(botcc.portgrouped.rules)
2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1
(botcc.portgrouped.rules)
2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1
(botcc.portgrouped.rules)
2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1
(botcc.portgrouped.rules)
2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1
(botcc.portgrouped.rules)
2811044 - ETPRO TROJAN Unknown Checkin (trojan.rules)


[---]         Removed rules:         [---]

2828823 - ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell
Empire) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>