[Emerging-updates] Daily Ruleset Update Summary 2019/03/04

Jack Mott jmott at emergingthreats.net
Mon Mar 4 15:40:28 HST 2019


[***]            Summary:            [***]

2 new Open, 35 new Pro (2 + 33). Win32/Spy.RTM/Redaman, FinderBot, Various EK, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

  2027025 - ET TROJAN [PTsecurity] Win32/Spy.RTM/Redaman IP Check (trojan.rules)
  2027026 - ET POLICY External IP Address Lookup DNS Query (policy.rules)

Pro:

  2835124 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis CnC Beacon (mobile_malware.rules)
  2835125 - ETPRO MOBILE_MALWARE Android/Trojan.FAA CnC Beacon (mobile_malware.rules)
  2835126 - ETPRO MOBILE_MALWARE Android/Trojan.FAA CnC Beacon 2 (mobile_malware.rules)
  2835127 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.abp CnC Beacon (mobile_malware.rules)
  2835128 - ETPRO MOBILE_MALWARE Android/Agent.AMP Checkin (mobile_malware.rules)
  2835129 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJZ Checkin (mobile_malware.rules)
  2835130 - ETPRO TROJAN MSIL/Spy.Agent.BPX Checkin (trojan.rules)
  2835131 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 1) (trojan.rules)
  2835132 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 2) (trojan.rules)
  2835133 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 3) (trojan.rules)
  2835134 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 4) (trojan.rules)
  2835135 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 5) (trojan.rules)
  2835136 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 6) (trojan.rules)
  2835137 - ETPRO TROJAN FinderBot Checkin/Requesting Payload (trojan.rules)
  2835138 - ETPRO TROJAN FinderBot User-Agent (nnn/) (trojan.rules)
  2835139 - ETPRO TROJAN FinderBot Requesting Tasks (trojan.rules)
  2835140 - ETPRO TROJAN FinderBot Cookie Exfil (trojan.rules)
  2835141 - ETPRO TROJAN FinderBot Login Exfil (trojan.rules)
  2835142 - ETPRO TROJAN FinderBot CnC Checkin (trojan.rules)
  2835143 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-03-04 (current_events.rules)
  2835144 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-03-04 (current_events.rules)
  2835145 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-04 (current_events.rules)
  2835146 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-04 (current_events.rules)
  2835147 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-04 (current_events.rules)
  2835148 - ETPRO CURRENT_EVENTS Malicious HookAds Affiliate - Redirect to EK (current_events.rules)
  2835149 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EK Landing) (current_events.rules)
  2835150 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (9d5e3) (current_events.rules)
  2835151 - ETPRO TROJAN MSIL/Spy.Agent.BTP CnC Checkin (trojan.rules)
  2835152 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload 2019-03-04 (current_events.rules)
  2835153 - ETPRO TROJAN Win32/Phorpiex CnC DNS Query (trojan.rules)
  2835154 - ETPRO TROJAN PowerShell Downloader CnC Checkin (trojan.rules)
  2835155 - ETPRO TROJAN Win-Python-Backdoor Config Inbound (trojan.rules)
  2835156 - ETPRO TROJAN VBS/Susp.Enumerator Script Inbound (trojan.rules)

[///]     Modified active rules:     [///]

  2835102 - ETPRO TROJAN CrazyCrypt Ransomware CnC Activity (trojan.rules)