[Emerging-updates] Daily Ruleset Update Summary 2018/11/22

James Emery-Callcott jcallcott at emergingthreats.net
Thu Nov 22 09:19:45 HST 2018


 [***]            Summary:            [***]

 4 new Open, 7 new Pro (4 + 3). OceanLotus, Brazilian Bankers, JS
Downloaders.

Thanks James Lay.

 [+++]          Added rules:          [+++]

  2026645 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup (cdn-ampproject .com) (trojan.rules)
  2026646 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup (bootstraplink .com) (trojan.rules)
  2026647 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup (sskimresources .com) (trojan.rules)
  2026648 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup (widgets-wp .com) (trojan.rules)
  2833610 - ETPRO TROJAN Unk.BR Banker Retrieving Payload via JS Bitsadmin Transfer (trojan.rules)
  2833611 - ETPRO CURRENT_EVENTS Inbound JS Downloader Using Wscript.Shell with Bitsadmin Transfer M1 (current_events.rules)
  2833612 - ETPRO CURRENT_EVENTS Inbound JS Downloader Using Wscript.Shell with Bitsadmin Transfer M2 (current_events.rules)

 [///]     Modified active rules:     [///]

  2833424 - ETPRO TROJAN MSIL/Sieren CnC Checkin (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team