[Emerging-updates] Daily Ruleset Update Summary 2018/11/01

Travis Green tgreen at emergingthreats.net
Thu Nov 1 12:33:00 HDT 2018


[***]            Summary:            [***]

4 new Open, 34 new Pro (4 + 30). BlackTech/PLEAD TSCookie, Possible
CVE-2018-4407, Various Phishing, Various Mobile.


[+++]          Added rules:          [+++]

Open:

 2026565 - ET TROJAN BlackTech/PLEAD TSCookie CnC Checkin M1 (trojan.rules)
 2026566 - ET MOBILE_MALWARE Android/GPlayed (sub1 .tdsworker .ru in
DNS Lookup) (mobile_malware.rules)
 2026567 - ET EXPLOIT Possible CVE-2018-4407 - Apple ICMP DoS PoC
(exploit.rules)
 2026568 - ET TROJAN BlackTech/PLEAD TSCookie CnC Checkin M2 (trojan.rules)

Pro:

 2833391 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Congur.y
Reporting Infection via SMTP (mobile_malware.rules)
 2833392 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ar
Reporting Infection via SMTP (mobile_malware.rules)
 2833393 - ETPRO MOBILE_MALWARE Android/GoldenTouch.A!tr Reporting
Infection via SMTP (mobile_malware.rules)
 2833394 - ETPRO TROJAN Win32/Banload.Downloader Variant CnC via IRC
(trojan.rules)
 2833395 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-01 1) (trojan.rules)
 2833396 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-01 2) (trojan.rules)
 2833397 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-01 3) (trojan.rules)
 2833398 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-01 4) (trojan.rules)
 2833399 - ETPRO TROJAN MSIL/TPA02 Process Listing (trojan.rules)
 2833400 - ETPRO TROJAN EvilVNC Backdoor CnC Checkin (trojan.rules)
 2833401 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2018-11-01
(current_events.rules)
 2833402 - ETPRO TROJAN Observed Malicious SSL Cert (Qbot CnC) (trojan.rules)
 2833403 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2018-11-01
(current_events.rules)
 2833404 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2018-11-01
(current_events.rules)
 2833405 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2018-11-01
(current_events.rules)
 2833406 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-11-01 (current_events.rules)
 2833407 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish
2018-11-01 (current_events.rules)
 2833408 - ETPRO CURRENT_EVENTS Successful Credit Card Information
Phish 2018-11-01 (current_events.rules)
 2833409 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-11-01
(current_events.rules)
 2833410 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2018-11-01 (current_events.rules)
 2833411 - ETPRO TROJAN MSIL/Agent.QUC/Koi.Stealer Communicating with
CnC M1 (trojan.rules)
 2833413 - ETPRO CURRENT_EVENTS Invoke Obfuscated PowerShell Inbound
M1 2018-11-01 (current_events.rules)
 2833414 - ETPRO TROJAN Observed Malicious SSL Cert (RizzoRAT CnC
Domain) (trojan.rules)
 2833415 - ETPRO TROJAN MSIL/SCBP.Stealer Uploading Keylog File (trojan.rules)
 2833416 - ETPRO TROJAN MSIL/SCBP.Stealer Uploading Passwords File
(trojan.rules)
 2833417 - ETPRO TROJAN MSIL/SCBP.Stealer Reporting Successful
Password Upload (trojan.rules)
 2833418 - ETPRO TROJAN MSIL/SCBP.Stealer CnC Checkin (trojan.rules)
 2833419 - ETPRO TROJAN MSIL/SCBP.Stealer Sending Errors to CnC (Debug
Enabled) (trojan.rules)
 2833420 - ETPRO CURRENT_EVENTS Malicious Memory Inject PowerShell
Inbound 2018-11-01 (current_events.rules)
 2833421 - ETPRO CURRENT_EVENTS GreenFlash Sundown EK Landing Nov 2018
M1 (current_events.rules)


[///]     Modified active rules:     [///]



[---]  Disabled and modified rules:  [---]

 2021749 - ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert
Sept 8 2015 (current_events.rules)


[---]         Removed rules:         [---]

 2829891 - ETPRO TROJAN PLEAD TScookie CnC Checkin (trojan.rules)



-- 
PGP: 0xBED7B297

