[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/29
James Emery-Callcott
jcallcott at emergingthreats.net
Mon Apr 29 13:33:28 HDT 2019
[***] Summary: [***]
4 new Open, 33 new Pro (4 + 29). DonotGroup, Win32.Mokes, Various
SSL/TLS, Various Phish.
[+++] Added rules: [+++]
Open:
2027289 - ET TROJAN Novaloader Stage 2 VBS Request (trojan.rules)
2027290 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2027291 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2027292 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
Pro:
2836099 - ETPRO TROJAN Win32/Vigorf.A Checkin 2 (trojan.rules)
2836100 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-29 1) (trojan.rules)
2836101 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-29 2) (trojan.rules)
2836102 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-29 3) (trojan.rules)
2836103 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-29 4) (trojan.rules)
2836104 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836105 - ETPRO TROJAN DCRS Backdoor CnC Checkin (trojan.rules)
2836106 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-04-29 (current_events.rules)
2836107 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-04-29 (current_events.rules)
2836108 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-29 (current_events.rules)
2836109 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2019-04-29 (current_events.rules)
2836110 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-29 (current_events.rules)
2836111 - ETPRO CURRENT_EVENTS Successful Daum Phish 2019-04-29 (current_events.rules)
2836112 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-04-29 (current_events.rules)
2836113 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-04-29 (current_events.rules)
2836114 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-29 (current_events.rules)
2836115 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-04-29 (current_events.rules)
2836116 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-29 (current_events.rules)
2836117 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-29 (current_events.rules)
2836118 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-29 (current_events.rules)
2836119 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-29 (current_events.rules)
2836120 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-29 (current_events.rules)
2836121 - ETPRO TROJAN SSL/TLS Certificate Observed (PoshAdvisor) (trojan.rules)
2836122 - ETPRO TROJAN Win32.Mokes Backdoor CnC Activity (trojan.rules)
2836125 - ETPRO TROJAN DonotGroup CnC Domain in SNI (trojan.rules)
2836126 - ETPRO TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2836127 - ETPRO TROJAN Possible DonotGroup Downloader CnC Checkin 1 (trojan.rules)
2836128 - ETPRO TROJAN Possible DonotGroup Downloader CnC Checkin 2 (trojan.rules)
2836129 - ETPRO TROJAN Observed Malicious SSL Cert (Possible DonotGroup CnC) (trojan.rules)
[///] Modified active rules: [///]
2826931 - ETPRO TROJAN Idicaf CnC Beacon (trojan.rules)
2830910 - ETPRO TROJAN Win32/digimine/nigelthorn CnC Checkin via HTTP (trojan.rules)
2836097 - ETPRO WEB_CLIENT Possible Oracle Weblogic wls9-async Deserialization RCE M1 (web_client.rules)
2836098 - ETPRO WEB_CLIENT Possible Oracle Weblogic wls9-async Deserialization RCE M2 (web_client.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team