[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/17
Jason Williams
jwilliams at emergingthreats.net
Wed Apr 17 13:28:29 HDT 2019
[***] Summary: [***]
6 new Open, 30 new Pro (6 + 24). DonotGroup, Coinminers, Various Phishing.
[+++] Added rules: [+++]
Open:
2027214 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2027215 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2027216 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2027217 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (drivethrough
.top) (trojan.rules)
2027218 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (drinkeatgood
.space) (trojan.rules)
2027219 - ET USER_AGENTS ESET Installer (user_agents.rules)
Pro:
2835912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-17 1) (trojan.rules)
2835913 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-17 2) (trojan.rules)
2835914 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-17 3) (trojan.rules)
2835915 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835916 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835917 - ETPRO TROJAN Observed Malicious SSL Cert (CoreDn Activity)
(trojan.rules)
2835918 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-17
(current_events.rules)
2835919 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-17
(current_events.rules)
2835920 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-04-17 (current_events.rules)
2835921 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-04-17 (current_events.rules)
2835922 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-04-17 (current_events.rules)
2835923 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-04-17
(current_events.rules)
2835924 - ETPRO CURRENT_EVENTS Successful Volksbank DE Phish 2019-03-29
(current_events.rules)
2835925 - ETPRO CURRENT_EVENTS Successful Volksbank DE Phish 2019-04-17
(current_events.rules)
2835926 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-17
(current_events.rules)
2835927 - ETPRO CURRENT_EVENTS Successful Xoom / Paypal Phish 2019-04-17
(current_events.rules)
2835928 - ETPRO POLICY External IP Address Lookup DNS Query (api .ip .sb)
(policy.rules)
2835929 - ETPRO POLICY External IP Address Lookup via api.ip .sb
(policy.rules)
2835930 - ETPRO POLICY Observed External IP Lookup Domain (api.ip .sb in
TLS SNI) (policy.rules)
2835931 - ETPRO POLICY SuperAntiSpyware PUA/PUP Install Phone Home
(policy.rules)
2835932 - ETPRO POLICY SuperAntiSpyware PUA/PUP Install Diagnostic Item
(policy.rules)
2835933 - ETPRO POLICY SuperAntiSpyware PUA/PUP User-Agent
SASDef_GetComponents (policy.rules)
2835934 - ETPRO POLICY SuperAntiSpyware PUA/PUP User-Agent
SASDef_GetDescriptor (policy.rules)
2835935 - ETPRO POLICY SuperAntiSpyware PUA/PUP User-Agent
SASDef_DownloadDefinitions (policy.rules)
[///] Modified active rules: [///]
2022578 - ET CURRENT_EVENTS JS Obfuscation - Possible Phishing 2016-03-01
(current_events.rules)
2027199 - ET POLICY URL Shortener Service Domain in DNS Lookup (tiny .cc)
(policy.rules)
2027200 - ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc)
(policy.rules)
2835265 - ETPRO MOBILE_MALWARE DonotGroup CnC DNS Query
(mobile_malware.rules)