[Emerging-updates] Daily Ruleset Update Summary 2018/06/27

Jason Williams jwilliams at emergingthreats.net
Wed Jun 27 12:50:08 HDT 2018


[***]            Summary:            [***]

1 new Open, 19 new Pro (1 + 18). TP-Link Auth Bypass, Android Hiddad APK,
Various Phish

[+++]          Added rules:          [+++]

Open:

  2025630 - ET CURRENT_EVENTS Successful Generic Phish 2018-06-27 (set)
(current_events.rules)

Pro:

  2831439 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication
Bypass (GET conf.bin) (exploit.rules)
  2831440 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication
Bypass (Add Port Forwarding) (exploit.rules)
  2831441 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication
Bypass (Reboot Router) (exploit.rules)
  2831442 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication
Bypass (Enable Guest Network) (exploit.rules)
  2831443 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication
Bypass (DMZ enable and Disable) (exploit.rules)
  2831444 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication
Bypass (WiFi Password Change) (exploit.rules)
  2831445 - ETPRO CURRENT_EVENTS Evil Keitaro Cookie Flowbit Set
(current_events.rules)
  2831446 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro
Set-Cookie Inbound (529a0) (current_events.rules)
  2831447 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK
(mobile_malware.rules)
  2831448 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK 2
(mobile_malware.rules)
  2831449 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK 3
(mobile_malware.rules)
  2831450 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 2
(mobile_malware.rules)
  2831451 - ETPRO EXPLOIT D-Link DSL-2750B - OS Command Injection
(exploit.rules)
  2831452 - ETPRO WEB_SPECIFIC_APPS Wordpress Arbitrary File Deletion 1
(web_specific_apps.rules)
  2831453 - ETPRO WEB_SPECIFIC_APPS Wordpress Arbitrary File Deletion 2
(web_specific_apps.rules)
  2831454 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-06-27
(current_events.rules)
  2831456 - ETPRO WEB_SPECIFIC_APPS Blind Server-Side Request Forgery
(web_specific_apps.rules)
  2831457 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2018-06-27 (current_events.rules)


[///]     Modified active rules:     [///]

Open:

  2014381 - ET POLICY HTTP HEAD invalid method case outbound (policy.rules)
  2022647 - ET TROJAN Cryptolocker Payment Domain (3qbyaoohkcqkzrz6)
(trojan.rules)

Pro:

  2804850 - ETPRO TROJAN Trojan.Win32.Scar.fgcf CnC Traffic (trojan.rules)
  2826185 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain
(2ymh2gnnbg6pgq2r) (trojan.rules)
  2829105 - ETPRO TROJAN NSIS/Unk.Dropper Downloading Monero Coinminer EXE
(trojan.rules)
  2831037 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram
API 1 (mobile_malware.rules)
  2831038 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram
API 2 (mobile_malware.rules)
  2831039 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram
API 3 (mobile_malware.rules)
  2831040 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram
API 4 (mobile_malware.rules)
  2831041 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram
API 5 (mobile_malware.rules)
  2831042 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram
API 6 (mobile_malware.rules)
  2831043 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram
API 7 (mobile_malware.rules)
  2831327 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram
API 8 (mobile_malware.rules)
  2831328 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram
API 9 (mobile_malware.rules)
  2831425 - ETPRO WEB_SPECIFIC_APPS Joomla Component Ek rishta 2.10 - SQL
Injection 1 (web_specific_apps.rules)
  2831429 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2018-06-26 1) (current_events.rules)

[---]         Removed rules:         [---]

  2820687 - ETPRO MOBILE_MALWARE Android Unknown Trojan SMS Exfiltration
(mobile_malware.rules)