[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/26
Jack Mott
jmott at emergingthreats.net
Fri Apr 26 13:45:53 HDT 2019
[***] Summary: [***]
24 new Pro. Vidar/Arkei, Informer Stealer, Oracle Weblogic Vulns, Various Phishing.
TIIF
[+++] Added rules: [+++]
Pro:
2836075 - ETPRO POLICY Consolone Management Windows Agent Checkin (policy.rules)
2836076 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-26 1) (trojan.rules)
2836077 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-26 2) (trojan.rules)
2836078 - ETPRO TROJAN Win32.Informer Stealer Checkin (trojan.rules)
2836079 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-04-26) (current_events.rules)
2836080 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-26 (current_events.rules)
2836081 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-26 (current_events.rules)
2836082 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-26 (current_events.rules)
2836083 - ETPRO CURRENT_EVENTS Successful Squarespace Phish 2019-04-26 (current_events.rules)
2836084 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-26 (current_events.rules)
2836085 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-26 (current_events.rules)
2836086 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-04-26 (current_events.rules)
2836087 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-04-26 (current_events.rules)
2836088 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish 2019-04-26 (current_events.rules)
2836089 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-26 (current_events.rules)
2836090 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-26 (current_events.rules)
2836091 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-26 (current_events.rules)
2836092 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-26 (current_events.rules)
2836093 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-26 (current_events.rules)
2836094 - ETPRO TROJAN Vidar/Arkei Stealer Task Request (trojan.rules)
2836095 - ETPRO TROJAN Vidar/Arkei Stealer Checkin (trojan.rules)
2836096 - ETPRO TROJAN SSL/TLS Certificate Observed (Win32/CoinMiner.C) (trojan.rules)
2836097 - ETPRO WEB_CLIENT Possible Oracle Weblogic wls9-async Deserialization RCE M1 (web_client.rules)
2836098 - ETPRO WEB_CLIENT Possible Oracle Weblogic wls9-async Deserialization RCE M2 (web_client.rules)
[///] Modified active rules: [///]
2836073 - ETPRO MALWARE Win32/JakyllHyde C2 Activity (malware.rules)
[---] Disabled rules: [---]
2828933 - ETPRO TROJAN PowerRatankba DNS Lookup 13 (trojan.rules)