[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/01
James Emery-Callcott
jcallcott at emergingthreats.net
Mon Apr 1 13:31:53 HDT 2019
[***] Summary: [***]
1 new Open, 32 new Pro (1 + 31). APT32 Shellcode, JasperLoader, CoinMiners, Various Phish.
[+++] Added rules: [+++]
Open:
2027142 - ET USER_AGENTS Observed Suspicious UA (Mozilla 6.0) (user_agents.rules)
Pro:
2835655 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 1) (trojan.rules)
2835656 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 2) (trojan.rules)
2835657 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 3) (trojan.rules)
2835658 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 4) (trojan.rules)
2835659 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 5) (trojan.rules)
2835660 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 6) (trojan.rules)
2835661 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 7) (trojan.rules)
2835662 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 8) (trojan.rules)
2835663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 9) (trojan.rules)
2835664 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 10) (trojan.rules)
2835665 - ETPRO TROJAN MalDoc Reporting System Information (trojan.rules)
2835666 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-01 (current_events.rules)
2835667 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2019-04-01 (current_events.rules)
2835668 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2019-04-01 (current_events.rules)
2835669 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-01 (current_events.rules)
2835670 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-01 (current_events.rules)
2835671 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-01 (current_events.rules)
2835672 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-01 (current_events.rules)
2835673 - ETPRO CURRENT_EVENTS Successful 163 Webmail Phish 2019-04-01 (current_events.rules)
2835674 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-01 (current_events.rules)
2835675 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-04-01 (current_events.rules)
2835676 - ETPRO CURRENT_EVENTS Possible Successful Generic Wordpress Hosted Phish 2019-04-01 (current_events.rules)
2835677 - ETPRO TROJAN Win32/Kryptik.GPXU CnC Checkin (trojan.rules)
2835678 - ETPRO TROJAN Win32/Xuni CnC Checkin (trojan.rules)
2835679 - ETPRO TROJAN JasperLoader Requesting Campaign Specific Payload (trojan.rules)
2835680 - ETPRO CURRENT_EVENTS JasperLoader Related PowerShell Inbound (current_events.rules)
2835681 - ETPRO TROJAN JasperLoader Spam Module Inbound (trojan.rules)
2835682 - ETPRO TROJAN Powerstats/MuddyWater CnC Activity (trojan.rules)
2835683 - ETPRO TROJAN Gozi Inject CnC Domain in SNI (trojan.rules)
2835684 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (409f2) (current_events.rules)
2835685 - ETPRO TROJAN APT32 Shellcode CnC Activity (trojan.rules)
[///] Modified active rules: [///]
2026772 - ET TROJAN ServHelper CnC Inital Checkin (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team