[Emerging-updates] Daily Ruleset Update Summary 2018/06/15

Travis Green tgreen at emergingthreats.net
Fri Jun 15 12:39:00 HDT 2018


[***]            Summary:            [***]

2 new Open, 13 new Pro (2 + 11). Various Phish, Various Coinminer, Various
MalDocs.


[+++]          Added rules:          [+++]

Open:

 2025593 - ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) M2 (web_server.rules)
 2025594 - ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) M3 (web_server.rules)

Pro:

 2831284 - ETPRO TROJAN Remcos RAT Checkin 21 (trojan.rules)
 2831285 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-15 Domain (idontknow .moe in TLS SNI) (current_events.rules)
 2831286 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-15 2) (current_events.rules)
 2831287 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 1) (trojan.rules)
 2831288 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 2) (trojan.rules)
 2831289 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 3) (trojan.rules)
 2831290 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 4) (trojan.rules)
 2831291 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 5) (trojan.rules)
 2831292 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-06-15 (current_events.rules)
 2831293 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-06-15 (current_events.rules)
 2831294 - ETPRO TROJAN MSIL.Unfinished.RAT Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2012587 - ET TROJAN BlackshadesRAT Reporting (trojan.rules)
 2013938 - ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) M1 (web_server.rules)
 2024792 - ET POLICY Cryptocurrency Miner Checkin (policy.rules)
 2807955 - ETPRO TROJAN Win32/Injector.Autoit.ZZ (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>