[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/25

Jack Mott jmott at emergingthreats.net
Thu Apr 25 14:58:41 HDT 2019


[***]            Summary:            [***]

6 new Open, 48 new Pro (6 + 42). Powershell Empire, Fin7, Various SSL,
JakyllHyde, Various Mobile, Various Phishing.

 [+++]          Added rules:          [+++]

Open:

  2027283 - ET TROJAN Suspected Powershell Empire POST M1 (trojan.rules)
  2027284 - ET TROJAN Suspected Powershell Empire GET M1 (trojan.rules)
  2027285 - ET POLICY Monero Mining Pool DNS Lookup (policy.rules)
  2027286 - ET USER_AGENTS Aria2 User-Agent (user_agents.rules)
  2027287 - ET INFO DYNAMIC_DNS Query to *.myddns.me Domain (info.rules)
  2027288 - ET INFO DYNAMIC_DNS HTTP Request to a *.myddns.me Domain (info.rules)

Pro:

  2836033 - ETPRO MOBILE_MALWARE Andr.Trojan.FakeTelegram-6736160-2 Checkin (mobile_malware.rules)
  2836034 - ETPRO MOBILE_MALWARE Android/Hiddad.FCD Checkin (mobile_malware.rules)
  2836035 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-25 1) (trojan.rules)
  2836036 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-25 2) (trojan.rules)
  2836037 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-25 3) (trojan.rules)
  2836038 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-25 4) (trojan.rules)
  2836039 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-04-25 (current_events.rules)
  2836040 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-04-25 (current_events.rules)
  2836041 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-25 (current_events.rules)
  2836042 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-25 (current_events.rules)
  2836043 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-04-25 (current_events.rules)
  2836044 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-25 (current_events.rules)
  2836045 - ETPRO CURRENT_EVENTS Successful TWC Webmail Phish 2019-04-25 (current_events.rules)
  2836046 - ETPRO CURRENT_EVENTS Successful Luno Phish 2019-04-25 (current_events.rules)
  2836047 - ETPRO CURRENT_EVENTS Successful OX App Suite Phish 2019-04-25 (current_events.rules)
  2836048 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-04-25 (current_events.rules)
  2836049 - ETPRO CURRENT_EVENTS Successful S-Pankki Phish 2019-04-25 (current_events.rules)
  2836050 - ETPRO CURRENT_EVENTS Successful Excel Phish 2019-04-25 (current_events.rules)
  2836051 - ETPRO CURRENT_EVENTS Successful Discover Phish 2019-04-25 (current_events.rules)
  2836052 - ETPRO CURRENT_EVENTS Successful Online Virus Scan Phish 2019-04-25 (current_events.rules)
  2836053 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-25 (current_events.rules)
  2836054 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-25 (current_events.rules)
  2836055 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25 (current_events.rules)
  2836056 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-04-25 (current_events.rules)
  2836057 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25 (current_events.rules)
  2836058 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-25 (current_events.rules)
  2836059 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-25 (current_events.rules)
  2836060 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-25 (current_events.rules)
  2836061 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-04-25 (current_events.rules)
  2836062 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC) (trojan.rules)
  2836063 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 Worker CnC) (trojan.rules)
  2836064 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 Worker CnC) (trojan.rules)
  2836065 - ETPRO TROJAN Gozi v3 Worker CnC Domain in DNS Lookup (trojan.rules)
  2836066 - ETPRO TROJAN Gozi v3 Worker CnC Domain in DNS Lookup (trojan.rules)
  2836067 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup (trojan.rules)
  2836068 - ETPRO TROJAN Win32/Kryptik.GSLS CnC Checkin (trojan.rules)
  2836069 - ETPRO TROJAN Observed Malicious SSL Cert (APT SideWinder CnC) (trojan.rules)
  2836070 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup (trojan.rules)
  2836071 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup (trojan.rules)
  2836072 - ETPRO TROJAN APT28 Zebrocy/Zekapab CnC Checkin (trojan.rules)
  2836073 - ETPRO MALWARE Win32/JakyllHyde C2 Activity (malware.rules)
  2836074 - ETPRO MALWARE Win32/JakyllHyde C2 Activity M2 (malware.rules)


 [///]     Modified active rules:     [///]

  2027147 - ET TROJAN Win32/Beapy CnC Checkin (trojan.rules)
  2027148 - ET TROJAN PS/Beapy CnC Checkin (trojan.rules)
  2027149 - ET TROJAN Py/Beapy CnC Checkin (trojan.rules)
  2835978 - ETPRO TROJAN Win32.Raccoon Stealer Password Exfil (trojan.rules)