[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/04
James Emery-Callcott
jcallcott at emergingthreats.net
Thu Apr 4 14:17:31 HDT 2019
[***] Summary: [***]
7 new Open, 15 new Pro (7 + 8). LaZagne Artifact, BKDR_HTV.ZKGD-A, Various SSL.
[+++] Added rules: [+++]
Open:
2027150 - ET TROJAN ELF.Initdz.Coinminer C2 Systeminfo (D2) (trojan.rules)
2027151 - ET ATTACK_RESPONSE LaZagne Artifact Outbound in FTP (attack_response.rules)
2027152 - ET POLICY Outbound SMTP NTLM Authentication Observed (policy.rules)
2027153 - ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound (exploit.rules)
2027154 - ET MOBILE_MALWARE Android/BasBanke CnC Checkin (mobile_malware.rules)
2027155 - ET TROJAN AHK/BKDR_HTV.ZKGD-A CnC Checkin (trojan.rules)
2027156 - ET TROJAN AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound (trojan.rules)
Pro:
2835728 - ETPRO TROJAN W32.LocNa Checkin (trojan.rules)
2835729 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-04 1) (trojan.rules)
2835730 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-04 2) (trojan.rules)
2835731 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-04 3) (trojan.rules)
2835732 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835733 - ETPRO TROJAN Win32/Phorpiex CnC Checkin (trojan.rules)
2835734 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835735 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC) (trojan.rules)
[///] Modified active rules: [///]
2027143 - ET CURRENT_EVENTS MalDoc Request for Payload (TA505 Related) (current_events.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team