[Emerging-updates] Daily Ruleset Update Summary 2018/06/29

Francis Trudeau ftrudeau at emergingthreats.net
Fri Jun 29 12:01:11 HDT 2018


 [***] Summary: [***]

 1 new Open signature, 18 new Pro (1 + 17).  Paradise Ransomware,
Drolock, VARIOUS PHISHING.

 Thanks:  @attackdetection

 [+++]          Added rules:          [+++]

 Open:

  2025631 - ET TROJAN [PTsecurity] Paradise Ransomware Check-in (trojan.rules)

 Pro:

  2831469 - ETPRO TROJAN Trojan.Agent.DAQC CnC Checkin (trojan.rules)
  2831470 - ETPRO MOBILE_MALWARE Android/Hiddad.AD CnC Beacon
(mobile_malware.rules)
  2831471 - ETPRO MOBILE_MALWARE Android/SMSreg.AIP CnC Beacon
(mobile_malware.rules)
  2831472 - ETPRO EXPLOIT Cisco Adaptive Security Appliance - Path
Traversal (exploit.rules)
  2831473 - ETPRO EXPLOIT DynoRoot DHCP - Client Command Injection
(exploit.rules)
  2831474 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.WatchMyDroid.a CnC
Beacon (mobile_malware.rules)
  2831475 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.AH CnC
Beacon (mobile_malware.rules)
  2831476 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.AH CnC
Beacon 2 (mobile_malware.rules)
  2831477 - ETPRO TROJAN Win32/Unknown.Stealer CnC Checkin (trojan.rules)
  2831478 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.dkj CnC
Beacon (mobile_malware.rules)
  2831479 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.UM Checkin
(mobile_malware.rules)
  2831480 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-29 Domain
(dkb-agbs .com in TLS SNI) (current_events.rules)
  2831481 - ETPRO TROJAN MalDoc Requesting Obfuscated Payload
2018-06-29 (trojan.rules)
  2831482 - ETPRO CURRENT_EVENTS Successful ING Direct Phish M1
2018-06-29 (current_events.rules)
  2831483 - ETPRO CURRENT_EVENTS Successful ING Direct Phish M2
2018-06-29 (current_events.rules)
  2831484 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-06-29
(current_events.rules)
  2831485 - ETPRO EXPLOIT CloudMe Sync Buffer Overflow (exploit.rules)


 [///]     Modified active rules:     [///]

  2810600 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Honli.a
Checkin (mobile_malware.rules)

