[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/05
James Emery-Callcott
jcallcott at emergingthreats.net
Fri Apr 5 12:23:55 HDT 2019
[***] Summary: [***]
10 new Open, 22 new Pro (10 + 12). Win32.Vipid.CN, AndroidOS.Agent.CC,
Various DNS.
[+++] Added rules: [+++]
Open:
2027157 - ET TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
2027158 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027159 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027160 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027161 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027162 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027163 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027164 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027165 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027166 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
Pro:
2835736 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.CC
Checkin (mobile_malware.rules)
2835737 - ETPRO TROJAN Win32.Vipid.CN Checkin (trojan.rules)
2835738 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-05 1) (trojan.rules)
2835739 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-05 2) (trojan.rules)
2835740 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-05 3) (trojan.rules)
2835741 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-05 4) (trojan.rules)
2835742 - ETPRO POLICY Leopard Remote Control System Checkin
(policy.rules)
2835743 - ETPRO USER_AGENTS ELF/Mirai UA Outbound (ECHOBOT)
(user_agents.rules)
2835744 - ETPRO USER_AGENTS ELF/Mirai UA Inbound (ECHOBOT)
(user_agents.rules)
2835745 - ETPRO USER_AGENTS ELF/Mirai UA Outbound (ZuoIdj/)
(user_agents.rules)
2835746 - ETPRO USER_AGENTS ELF/Mirai UA Inbound (ZuoIdj)
(user_agents.rules)
2835747 - ETPRO MALWARE Win32/DealPly.Adware Checkin (malware.rules)
[///] Modified active rules: [///]
2833312 - ETPRO TROJAN CoinMiner Config Request (trojan.rules)
2833617 - ETPRO TROJAN Win32/Phorpiex Template 2 Active - Outbound Email
Spam (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team