
List:       emerging-sigs
Subject:    [Emerging-Sigs] Daily Ruleset Update Summary 2017/05/31
From:       Travis Green <tgreen () emergingthreats ! net>
Date:       2017-05-31 21:01:29
Message-ID: CAKgkF6=56xsXD5commyDyUqryMFc2_jYRmMSXNwn1K--7M1D0A () mail ! gmail ! com


[***]            Summary:            [***]

4 new Open, 16 new Pro (4 + 12). Jaff Updates, Various Phishing, Various Mobile.
Thanks: @esentire

[+++]          Added rules:          [+++]

Open:

 2024338 - ET TROJAN Jaff Ransomware Checkin (trojan.rules)
 2024339 - ET TROJAN DNS Query to Jaff Domain (orhangazitur . com) (trojan.rules)
 2024340 - ET TROJAN Jaff Ransomware Checkin (trojan.rules)
 2024341 - ET TROJAN DNS Query to Jaff Domain (comboratiogferrdto . com) (trojan.rules)

Pro:

 2826546 - ETPRO INFO Observed DNS Query for DDNS domain (camerakeeper .tv) (info.rules)
 2826547 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (MSIL/ExtenBro.CL) (trojan.rules)
 2826548 - ETPRO TROJAN Observed Malicious JS Downloader SSL Cert (trojan.rules)
 2826549 - ETPRO TROJAN MSIL/njRAT/Bladabindi Variant (Microsoft_key_update) CnC Checkin (trojan.rules)
 2826550 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic Contact Exfil via SMTP 2 (mobile_malware.rules)
 2826551 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 May 31 2017 (current_events.rules)
 2826552 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ar Reporting via SMTP 2 (mobile_malware.rules)
 2826553 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 May 31 2017 (current_events.rules)
 2826554 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M3 May 31 2017 (current_events.rules)
 2826555 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hs Reporting via SMTP (mobile_malware.rules)
 2826556 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eg Contact Exfil via SMTP 2 (mobile_malware.rules)
 2826557 - ETPRO CURRENT_EVENTS Dropbox Phishing Landing May 31 2017 (current_events.rules)


[///]     Modified active rules:     [///]

 2018543 - ET CURRENT_EVENTS Neverquest/Vawtrak Posting Data (current_events.rules)
 2022840 - ET TROJAN Possible CryptXXX Ransomware Renaming Encrypted File SMB v2 (trojan.rules)
 2826233 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 2 (mobile_malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>


