[Emerging-updates] Daily Ruleset Update Summary 2018/06/22

Travis Green tgreen at emergingthreats.net
Fri Jun 22 11:57:59 HDT 2018


[***]            Summary:            [***]

22 new Pro. MSIL/Predator, phpMyAdmin, W32/Chthonic, Various Mobile.


[+++]          Added rules:          [+++]

 2831382 - ETPRO TROJAN Win32/Injector.DXZc CnC Checkin (trojan.rules)
 2831383 - ETPRO EXPLOIT phpLDAPadmin LDAP Injection (exploit.rules)
 2831384 - ETPRO EXPLOIT phpMyAdmin 4.8.1 - Local File Inclusion (exploit.rules)
 2831385 - ETPRO MOBILE_MALWARE Android/SMSreg.ZI Device Info Exfil (mobile_malware.rules)
 2831386 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 371 (mobile_malware.rules)
 2831387 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BJQ Checkin (mobile_malware.rules)
 2831388 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.WL Checkin (mobile_malware.rules)
 2831389 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 372 (mobile_malware.rules)
 2831390 - ETPRO TROJAN W32/Chthonic Dropping Exe (trojan.rules)
 2831391 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-22 Domain (a .coka .la in TLS SNI) (current_events.rules)
 2831392 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-22 Domain (promdresspromgowns .com in TLS SNI) (current_events.rules)
 2831393 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-22 Domain (a428a4d2 .ngrok .io in TLS SNI) (current_events.rules)
 2831394 - ETPRO TROJAN W32/Chthonic CnC Domain (avaneredge .bit in DNS Lookup) (trojan.rules)
 2831395 - ETPRO TROJAN W32/Chthonic CnC Domain (pendostan .bit in DNS Lookup) (trojan.rules)
 2831396 - ETPRO TROJAN W32/Chthonic CnC Domain (stalinone .bit in DNS Lookup) (trojan.rules)
 2831397 - ETPRO TROJAN W32/Chthonic CnC Domain (letit2 .bit in DNS Lookup) (trojan.rules)
 2831398 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-22 1) (trojan.rules)
 2831399 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-22 2) (trojan.rules)
 2831400 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-22 3) (trojan.rules)
 2831401 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-22 4) (trojan.rules)
 2831402 - ETPRO TROJAN MSIL/Predator Stealer CnC Checkin/Exfil (trojan.rules)
 2831403 - ETPRO EXPLOIT TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Command Execution (exploit.rules)


[///]     Modified active rules:     [///]

 2022893 - ET MALWARE MSIL/Adload.AT Beacon (malware.rules)


[---]         Removed rules:         [---]

 2831323 - ETPRO MALWARE Win32/StartPage/Dotdo.Adware variant CnC Checkin (malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>