List: emerging-sigs
Subject: [Emerging-Sigs] Daily Ruleset Update Summary 2017/08/31
From: Travis Green <tgreen () emergingthreats ! net>
Date: 2017-08-31 21:44:46
Message-ID: CAKgkF6mxKT=xDzTaTsOt+MT3PJRRp2SBS=V+zpMbRN_KXhdU-Q () mail ! gmail ! com
[***] Summary: [***]
12 new Open, 27 new Pro (12 + 15). Gazer, Flash Update Landing,
MSIL/Omnibus, Various Phishing, Various Mobile.
[+++] Added rules: [+++]
Open:
2024638 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 31 2017 (current_events.rules)
2024639 - ET CURRENT_EVENTS Successful Bitstamp Cryptocurrency Exchange Phish Aug 30 2017 (current_events.rules)
2024640 - ET CURRENT_EVENTS Successful LocalBitcoins Cryptocurrency Exchange Phish Aug 30 2017 (current_events.rules)
2024641 - ET TROJAN Gazer DNS query observed (soligro.com) (trojan.rules)
2024642 - ET TROJAN Gazer DNS query observed (mydreamhoroscope.com) (trojan.rules)
2024643 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024644 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024645 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024646 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024647 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024648 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024649 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
Pro:
2827759 - ETPRO TROJAN Win32/Spy.Qukart Activity (trojan.rules)
2827760 - ETPRO CURRENT_EVENTS FakeAV/TechSupport Scam Aug 30 2017 (current_events.rules)
2827761 - ETPRO TROJAN MSIL/Omnibus PWS Data Exfil (trojan.rules)
2827762 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.am CnC Beacon (mobile_malware.rules)
2827763 - ETPRO CURRENT_EVENTS Successful Facebook Support Phish Aug 30 2017 (current_events.rules)
2827764 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827765 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.jj Contact Exfil via SMTP (mobile_malware.rules)
2827766 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.jj Reporting Infection via SMTP (mobile_malware.rules)
2827767 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 21 (mobile_malware.rules)
2827768 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M1 Aug 31 2017 (current_events.rules)
2827769 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M2 Aug 31 2017 (current_events.rules)
2827770 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M3 Aug 31 2017 (current_events.rules)
2827771 - ETPRO CURRENT_EVENTS Successful Car2Go Phish M1 Aug 31 2017 (current_events.rules)
2827772 - ETPRO CURRENT_EVENTS Successful Car2Go Phish M2 Aug 31 2017 (current_events.rules)
2827773 - ETPRO CURRENT_EVENTS Successful Cembra Phish Aug 31 2017 (current_events.rules)
[///] Modified active rules: [///]
2804838 - ETPRO TROJAN Savit.A Checkin (trojan.rules)
2827167 - ETPRO TROJAN Alina Checkin 1 (trojan.rules)
2827168 - ETPRO TROJAN Alina Checkin 2 (trojan.rules)
2827169 - ETPRO TROJAN Alina IP Check (whatismyipaddress .com) (trojan.rules)
2827719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (W32.PooLen) (trojan.rules)
2827720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (W32.PooLen) (trojan.rules)
[---] Disabled and modified rules: [---]
2822143 - ETPRO TROJAN Loda Logger Screenshot Command from CnC (trojan.rules)
--
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>