[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/24

Jack Mott jmott at emergingthreats.net
Wed Apr 24 14:10:48 HDT 2019


[***]            Summary:            [***]

10 new Open, 37 new Pro (10 + 27). DNSpionage/Karkoff, GitHub based Phish,
Sidewinder, Various Mobile.

 [+++]          Added rules:          [+++]

Open:

  2027273 - ET TROJAN Baldr Stealer Checkin M2 (trojan.rules)
  2027274 - ET POLICY Request for Possible Microsoft Phishing Hosted on Github.io (policy.rules)
  2027275 - ET POLICY Request for Possible Facebook Phishing Hosted on Github.io (policy.rules)
  2027276 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (google_chrome_default_) M1 (trojan.rules)
  2027277 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (google_chrome_default_) M2 (trojan.rules)
  2027278 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (Mozilla_Firefox_Cookies) M1 (trojan.rules)
  2027279 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (Mozilla_Firefox_Cookies) M2 (trojan.rules)
  2027280 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup (trojan.rules)
  2027281 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup (trojan.rules)
  2027282 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup (trojan.rules)

Pro:

  2836006 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.DRNE-8 CnC Beacon (mobile_malware.rules)
  2836007 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.an Location Exfil (mobile_malware.rules)
  2836008 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Koomer.A Checkin (mobile_malware.rules)
  2836009 - ETPRO TROJAN Observed Malicious SSL Cert (APT SideWinder CnC) (trojan.rules)
  2836010 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish 2019-04-24 (current_events.rules)
  2836011 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-24 (current_events.rules)
  2836012 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-24 (current_events.rules)
  2836013 - ETPRO CURRENT_EVENTS Successful 126 Webmail Phish 2019-04-24 (current_events.rules)
  2836014 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-24 (current_events.rules)
  2836015 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-04-24 (current_events.rules)
  2836016 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-24 (current_events.rules)
  2836017 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-04-24 (current_events.rules)
  2836018 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-24 (current_events.rules)
  2836019 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
  2836020 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
  2836021 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-24 (current_events.rules)
  2836022 - ETPRO CURRENT_EVENTS Successful Delta Phish 2019-04-24 (current_events.rules)
  2836023 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-04-24 (current_events.rules)
  2836024 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-24 (current_events.rules)
  2836025 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-24 (current_events.rules)
  2836026 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
  2836027 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
  2836028 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
  2836029 - ETPRO TROJAN APT DNSpionage/Karkoff XORed Config Inbound (0x46) (trojan.rules)
  2836030 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup (trojan.rules)
  2836031 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup (trojan.rules)
  2836032 - ETPRO TROJAN APT SideWinder JS Loader Inbound (trojan.rules)

 [///]     Modified active rules:     [///]

  2018959 - ET POLICY PE EXE or DLL Windows file download HTTP (policy.rules)
  2026114 - ET MALWARE Luxsoft Win32/ICLoader User-Agent (malware.rules)
  2835998 - ETPRO TROJAN Win32/SideWinder.PreBOT Stealer Checkin (trojan.rules)