[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/01

Jason Williams jwilliams at emergingthreats.net
Thu Aug 1 14:09:59 HDT 2019


[***]            Summary:            [***]

  16 new Open, 33 new Pro (16 + 17). ArtraDownloader, AmendMiner, Ursnif,
Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2027771 - ET TROJAN Win32/ArtraDownloader Checkin (trojan.rules)
  2027772 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027773 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027774 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027775 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027776 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027777 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027778 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027779 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027780 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027781 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027782 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027783 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027784 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027785 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027786 - ET POLICY External IP Lookup (www .net .cn) (policy.rules)

 Pro:

  2837802 - ETPRO MALWARE Win32/NetFilter.A PUP/PUA Activity (malware.rules)
  2837803 - ETPRO TROJAN ELF/AmendMiner CnC Activity (trojan.rules)
  2837804 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837805 - ETPRO CURRENT_EVENTS Successful Global Sources Phish 2019-08-01
(current_events.rules)
  2837806 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-08-01
(current_events.rules)
  2837807 - ETPRO CURRENT_EVENTS Successful Generic Email Settings Phish
2019-08-01 (current_events.rules)
  2837808 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2019-08-01
(current_events.rules)
  2837809 - ETPRO CURRENT_EVENTS Successful Netease 163 Webmail Phish
2019-08-01 (current_events.rules)
  2837810 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-08-01
(current_events.rules)
  2837811 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-08-01
(current_events.rules)
  2837812 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-08-01 (current_events.rules)
  2837813 - ETPRO CURRENT_EVENTS Successful United Airlines Phish
2019-08-01 (current_events.rules)
  2837814 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-08-01
(current_events.rules)
  2837815 - ETPRO CURRENT_EVENTS Successful Google Phish 2019-08-01
(current_events.rules)
  2837816 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-01 1) (trojan.rules)
  2837817 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-01 2) (trojan.rules)
  2837818 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-01 3) (trojan.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20190801/2d325462/attachment.html>


More information about the Emerging-sigs mailing list