[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/11
Travis Green
tgreen at emergingthreats.net
Thu Apr 11 12:55:36 HDT 2019
[***] Summary: [***]
11 new Open, 29 new Pro (11 + 18). (?:Nslookup|Ipconfig|Net View) in
SMB Traffic, MSIL/fhRansum, Kaprav, Various Phishing, Mobile.
Thanks: Kevin Ross
[+++] Added rules: [+++]
Open:
2027183 - ET POLICY Nslookup Command in SMB Traffic - Possible Lateral
Movement (policy.rules)
2027184 - ET POLICY Nslookup Command in SMB Traffic - Possible Lateral
Movement (policy.rules)
2027185 - ET POLICY Ipconfig Command in SMB Traffic - Possible Lateral
Movement (policy.rules)
2027186 - ET POLICY Ipconfig Command in SMB Traffic - Possible Lateral
Movement (policy.rules)
2027187 - ET POLICY Net View Command in SMB Traffic - Likely Lateral
Movement (policy.rules)
2027188 - ET POLICY Net View Command in SMB Traffic - Likely Lateral
Movement (policy.rules)
2027189 - ET NETBIOS DCERPC DCOM ExecuteShellCommand Call - Likely
Lateral Movement (netbios.rules)
2027190 - ET NETBIOS DCERPC DCOM ShellExecute - Likely Lateral
Movement (netbios.rules)
2027191 - ET POLICY Executable Transfer in SMB (policy.rules)
2027192 - ET POLICY Tunneled RDP msts Handshake (policy.rules)
2027193 - ET POLICY Tunneled RDP Handshake (policy.rules)
Pro:
2835812 - ETPRO MOBILE_MALWARE Android/iThree.A Checkin (mobile_malware.rules)
2835813 - ETPRO MOBILE_MALWARE Android/Indinfo.A Checkin (mobile_malware.rules)
2835814 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CXO
Location Exfil (mobile_malware.rules)
2835815 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CXO CnC
Beacon (mobile_malware.rules)
2835816 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-11 1) (trojan.rules)
2835817 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-11 2) (trojan.rules)
2835818 - ETPRO TROJAN Win32/VB.CU Stealer SMTP Exfil (trojan.rules)
2835819 - ETPRO TROJAN MSIL/fhRansum CnC Checkin (trojan.rules)
2835820 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835821 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835822 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835823 - ETPRO TROJAN Kaprav Related FTP Implant (trojan.rules)
2835824 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835825 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-04-11
(current_events.rules)
2835826 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-04-11
(current_events.rules)
2835827 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-04-11 (current_events.rules)
2835828 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-11
(current_events.rules)
2835829 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-04-11
(current_events.rules)
[///] Modified active rules: [///]
2831402 - ETPRO TROJAN MSIL/Predator The Thief CnC Checkin (trojan.rules)
2831995 - ETPRO TROJAN Win32/Predator The Thief Sending Data to CnC
(trojan.rules)
--
PGP:
travisgreen.net/tgreen at emergingthreats.net.asc
travisgreen.net/travis at travisgreen.net.asc