[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/22

Jack Mott jmott at emergingthreats.net
Mon Apr 22 14:10:44 HDT 2019


[***]            Summary:            [***]

7 new Open, 29 new Pro (7 + 22). Windows SCM DLL Hijack, Win32.Raccoon
Stealer, Mirai stuff, Various Phishing.

 [+++]          Added rules:          [+++]

Open:

  2027232 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M1 (attack_response.rules)
  2027233 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M2 (attack_response.rules)
  2027234 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF-16) Inbound via HTTP M1 (attack_response.rules)
  2027235 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF-16) Inbound via HTTP M2 (attack_response.rules)
  2027236 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M3 (attack_response.rules)
  2027237 - ET NETBIOS DCERPC SVCCTL - Remote Service Control Manager Access (netbios.rules)
  2027238 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Script (UTF-16) Inbound via HTTP M3 (attack_response.rules)

 Pro:

  2835973 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-22 1) (trojan.rules)
  2835974 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-22 2) (trojan.rules)
  2835975 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-22 3) (trojan.rules)
  2835976 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-22 4) (trojan.rules)
  2835977 - ETPRO TROJAN Win32.Raccoon Stealer Checkin (trojan.rules)
  2835978 - ETPRO TROJAN Win32.Raccoon Stealer Password Exfil (trojan.rules)
  2835979 - ETPRO TROJAN Unk.CoinMiner Requesting Inf (trojan.rules)
  2835980 - ETPRO TROJAN ELF/Mirari Variant Momentum User-Agent (trojan.rules)
  2835981 - ETPRO USER_AGENTS ELF/Mirari Variant Momentum User-Agent Observed Inbound (user_agents.rules)
  2835982 - ETPRO TROJAN ELF/Mirai Variant TheEnd Botnet IRC Checkin (trojan.rules)
  2835983 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-04-22 (current_events.rules)
  2835984 - ETPRO CURRENT_EVENTS Successful AOL Phish 2019-04-22 (current_events.rules)
  2835985 - ETPRO CURRENT_EVENTS Successful 1&1 Webhosting Phish 2019-04-22 (current_events.rules)
  2835986 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-04-22 (current_events.rules)
  2835987 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-22 (current_events.rules)
  2835988 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-04-22 (current_events.rules)
  2835989 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-04-22 (current_events.rules)
  2835990 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2019-04-22 (current_events.rules)
  2835991 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-04-22 (current_events.rules)
  2835992 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-04-22 (current_events.rules)
  2835993 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2018-04-22 (current_events.rules)
  2835994 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-22 (current_events.rules)

 [///]     Modified active rules:     [///]

  2026904 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)