[Emerging-Sigs] Daily Ruleset Update Summary 2017/10/16

Travis Green tgreen at emergingthreats.net
Mon Oct 16 17:38:51 EDT 2017


[***]            Summary:            [***]

5 new Open, 9 new Pro (5 + 9). Android/DoubleLocker.A, MSIL/CoalaBot,
Magniber Ransomware, Various Phishing.

Thanks: Adair John Collins, Shyaam Sundhar

[+++]          Added rules:          [+++]

Open:

 2024843 - ET SCAN struts-pwn User-Agent (scan.rules)
 2024844 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Oct 16 2016 (current_events.rules)
 2024845 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M2 Oct 16 2016 (current_events.rules)
 2024846 - ET CURRENT_EVENTS Successful Paypal Phish Oct 16 2017 (current_events.rules)
 2024847 - ET CURRENT_EVENTS Successful Paypal (FR) Phish Oct 16 2017 (current_events.rules)

Pro:

 2828308 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A CnC Beacon 2 (mobile_malware.rules)
 2828310 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A DNS Lookup (mobile_malware.rules)
 2828312 - ETPRO TROJAN Unknown Maldoc POST to CnC (trojan.rules)
 2828313 - ETPRO TROJAN MSIL/CoalaBot CnC Checkin M2 (trojan.rules)
 2828314 - ETPRO TROJAN Magniber Ransomware Checkin 1 (trojan.rules)
 2828315 - ETPRO TROJAN Magniber Ransomware Checkin 2 (trojan.rules)
 2828316 - ETPRO TROJAN Orz JavaScript Backdoor Sending Password to CnC (trojan.rules)
 2828317 - ETPRO TROJAN Orz JavaScript Backdoor Communicating with CnC (trojan.rules)
 2828318 - ETPRO CURRENT_EVENTS Successful Apple GSX Phish Oct 16 2017 (current_events.rules)


[///]     Modified active rules:     [///]

 2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
 2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
 2810628 - ETPRO TROJAN NanHaiShu JavaScript backdoor CnC Beacon M2 (b64 3) (trojan.rules)
 2815494 - ETPRO CURRENT_EVENTS AES Crypto Observed in Javascript - Possible Phishing Landing M1 Dec 28 2015 (current_events.rules)
 2815495 - ETPRO CURRENT_EVENTS Anonisma AES Crypto Observed in Javascript - Possible Phishing Landing M2 Dec 28 2015 (current_events.rules)
 2827111 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A CnC Beacon (mobile_malware.rules)
 2828286 - ETPRO TROJAN Sage Ransomware Variant Checkin (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>