[Emerging-updates] Daily Ruleset Update Summary 2018/06/12

Travis Green tgreen at emergingthreats.net
Tue Jun 12 13:26:34 HDT 2018


[***]            Summary:            [***]

3 new Open, 39 new Pro (3 + 36). MAPP, Win32/Backdoor.Androm.pzng, MalDoc
SSL Certs, MSIL/CoinMiner.AEF, Various Mobile, Phishing.

April MAPP Coverage:
2831251 => CVE-2018-4945
2831252 => CVE-2018-5000
2831253 => CVE-2018-5001


[+++]          Added rules:          [+++]

Open:

 2025588 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-06-11 (current_events.rules)
 2025589 - ET MALWARE WiseCleaner Installed (PUA) (malware.rules)
 2025590 - ET MALWARE Antibody Software Installed (PUA) (malware.rules)

Pro:

 2831221 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-06-11 (current_events.rules)
 2831222 - ETPRO CURRENT_EVENTS Successful Poloniex Phish 2018-06-11 (current_events.rules)
 2831223 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in OneDrive Phishing 2018-06-11 (current_events.rules)
 2831224 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2018-06-11 (current_events.rules)
 2831225 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in Netflix Phishing 2018-06-11 (current_events.rules)
 2831226 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 364 (mobile_malware.rules)
 2831227 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12) (current_events.rules)
 2831228 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12 2) (current_events.rules)
 2831229 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-12 3 Domain (chemstride .com in TLS SNI) (current_events.rules)
 2831230 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12 4) (current_events.rules)
 2831231 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-12 5 Domain (morgannancy001 .000webhostapp .com in TLS SNI) (current_events.rules)
 2831232 - ETPRO TROJAN Observed Malicious SSL Cert (LockPOS CnC) (trojan.rules)
 2831233 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12 6) (current_events.rules)
 2831234 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12 7) (current_events.rules)
 2831235 - ETPRO TROJAN Win32/TrojanDownloader.Autoit.OLY (trojan.rules)
 2831236 - ETPRO TROJAN MSIL/CoinMiner.AEF CnC Checkin (trojan.rules)
 2831237 - ETPRO TROJAN Win32/Backdoor.Androm.pzng Keep-Alive (Outbound) (trojan.rules)
 2831238 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 1) (trojan.rules)
 2831239 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 2) (trojan.rules)
 2831240 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 3) (trojan.rules)
 2831241 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 4) (trojan.rules)
 2831242 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 5) (trojan.rules)
 2831243 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 6) (trojan.rules)
 2831244 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 7) (trojan.rules)
 2831245 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 8) (trojan.rules)
 2831246 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 9) (trojan.rules)
 2831247 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 10) (trojan.rules)
 2831248 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 11) (trojan.rules)
 2831249 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 12) (trojan.rules)
 2831250 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 13) (trojan.rules)
 2831251 - ETPRO EXPLOIT Flash Player Type Confusion (CVE-2018-4945) (exploit.rules)
 2831252 - ETPRO EXPLOIT Flash Player Integer Overflow Inbound (CVE-2018-5000) (exploit.rules)
 2831253 - ETPRO EXPLOIT Flash Player OOB Read (CVE-2018-5001) (exploit.rules)


[///]     Modified active rules:     [///]

 2011341 - ET TROJAN Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection (trojan.rules)
 2018876 - ET POLICY DNS Query to .onion proxy Domain (onion.cab) (policy.rules)
 2025221 - ET TROJAN Malicious Chrome Extension Click Fraud Activity via Websocket (trojan.rules)
 2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
 2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)
 2831209 - ETPRO TROJAN Win32/Emotet CnC Checkin (POST) (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>