[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/02

Jason Williams jwilliams at emergingthreats.net
Fri Aug 2 14:14:32 HDT 2019


[***]            Summary:            [***]

  5 new Open, 25 new Pro (5 + 20). LordEK, Fallout EK, Wexw Backdoor,
Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2027787 - ET CURRENT_EVENTS Obfuscated LordEK Landing M1
(current_events.rules)
  2027788 - ET CURRENT_EVENTS Observed LordEK HTTP POST Request
(current_events.rules)
  2027789 - ET EXPLOIT Possible Inbound Flash Exploit (CVE-2018-15982)
(exploit.rules)
  2027790 - ET EXPLOIT Possible Inbound Flash Exploit with Stack-Based
wininet (exploit.rules)
  2027791 - ET CURRENT_EVENTS Obfuscated LordEK Landing M2
(current_events.rules)

 Pro:

  2837822 - ETPRO MALWARE Win32/SoftFire PUP/PUA Downloader Checkin
(malware.rules)
  2837823 - ETPRO TROJAN Win32/Wexw Backdoor Checkin (trojan.rules)
  2837825 - ETPRO MALWARE Observed Malicious SSL Cert (PUP/PUA Toolbar
Helper) (malware.rules)
  2837826 - ETPRO USER_AGENTS Observed Suspicious UA (QueryServiceConfigA)
(user_agents.rules)
  2837827 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-08-02
(current_events.rules)
  2837828 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-02 1) (trojan.rules)
  2837829 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-02 2) (trojan.rules)
  2837830 - ETPRO CURRENT_EVENTS Successful OTP Group Bank Phish 2019-08-02
(current_events.rules)
  2837831 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-08-02 (current_events.rules)
  2837832 - ETPRO CURRENT_EVENTS Successful Geneneric Credit Card
Information Phish 2019-08-02 (current_events.rules)
  2837833 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-08-02 (current_events.rules)
  2837834 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-08-02
(current_events.rules)
  2837835 - ETPRO CURRENT_EVENTS Successful Keybank Phish 2019-08-02
(current_events.rules)
  2837836 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Fallout EK
CnC) (current_events.rules)
  2837837 - ETPRO CURRENT_EVENTS Fallout EK HTTP GET Request Observed
(current_events.rules)
  2837838 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837839 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837840 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837841 - ETPRO POLICY Observed KonturVNC Domain (help kontur .ru in TLS
SNI) (policy.rules)
  2837842 - ETPRO POLICY KonturVNC Version Check Activity (policy.rules)