[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/03

James Emery-Callcott jcallcott at emergingthreats.net
Wed Apr 3 13:37:26 HDT 2019


[***]            Summary:            [***]

  4 new Open, 17 new Pro (4 + 13).  EternalBlueDownloader, CoinMiners,
Various Phish.

  Thanks, DakotaCon Threat Hunting Class.

 [+++]          Added rules:          [+++]

Open:

  2027146 - ET POLICY Possible Successful Phish - Password Submitted to *.000webhostapp.com (policy.rules)
  2027147 - ET TROJAN Win32/EternalBlueDownloader CnC Checkin (trojan.rules)
  2027148 - ET TROJAN PS/EternalBlueDownloader CnC Checkin (trojan.rules)
  2027149 - ET TROJAN Py/EternalBlueDownloader CnC Checkin (trojan.rules)

Pro:

  2835715 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-03 1) (trojan.rules)
  2835716 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-03 2) (trojan.rules)
  2835717 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-03 3) (trojan.rules)
  2835718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-03 4) (trojan.rules)
  2835719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-03 5) (trojan.rules)
  2835720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-03 6) (trojan.rules)
  2835721 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-03 (current_events.rules)
  2835722 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-03 (current_events.rules)
  2835723 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-04-03 (current_events.rules)
  2835724 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-03 (current_events.rules)
  2835725 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-03 (current_events.rules)
  2835726 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-03 (current_events.rules)
  2835727 - ETPRO MALWARE Win32/Techsnab PUA Checkin (malware.rules)


---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team