[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/06

James Emery-Callcott jcallcott at emergingthreats.net
Tue Aug 6 13:56:49 HDT 2019


[***]            Summary:            [***]

  9 new Open, 35 new Pro (9 + 26).  Win32/Onliner, AndroidOS.TimpDoor,
Various SSL/TLS, Various Phish.

  Thanks @401TRG.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2027803 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor Module Download
Request (mobile_malware.rules)
  2027804 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor (purple .itraffic
.click in DNS Lookup) (mobile_malware.rules)
  2027805 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor (purple .m-ads .net
in DNS Lookup) (mobile_malware.rules)
  2027806 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor (drproxy .pro in
DNS Lookup) (mobile_malware.rules)
  2027807 - ET TROJAN Win32/Onliner CnC Checkin (trojan.rules)
  2027808 - ET TROJAN Win32/Onliner Receiving Commands from CnC
(trojan.rules)
  2027809 - ET TROJAN Win32/Onliner Requesting Additional Modules
(trojan.rules)
  2027810 - ET TROJAN Win32/Onliner Mailer Module Communicating with CnC
(trojan.rules)
  2027811 - ET TROJAN Win32/Onliner Template 1 Active - Malicious Outbound
Email Spam (trojan.rules)

Pro:

  2837874 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
  2837875 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
  2837876 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
  2837877 - ETPRO TROJAN Possible Predator the Thief CnC Activity
(trojan.rules)
  2837878 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-08-06
(current_events.rules)
  2837879 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-08-06 (current_events.rules)
  2837880 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-08-06 (current_events.rules)
  2837881 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-06
(current_events.rules)
  2837882 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-08-06
(current_events.rules)
  2837883 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-08-06
(current_events.rules)
  2837884 - ETPRO CURRENT_EVENTS Successful Globalance Bank Phish
2019-08-06 (current_events.rules)
  2837885 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-08-06 (current_events.rules)
  2837886 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-08-06
(current_events.rules)
  2837887 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-08-06
(current_events.rules)
  2837888 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-08-06
(current_events.rules)
  2837892 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-06 1) (trojan.rules)
  2837893 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-06 2) (trojan.rules)
  2837894 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-06 3) (trojan.rules)
  2837895 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-06 4) (trojan.rules)
  2837896 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-08-06 5) (trojan.rules)
  2837897 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects CnC)
(trojan.rules)
  2837898 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837899 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

  2014435 - ET TROJAN Infostealer.Banprox Proxy.pac Download (trojan.rules)
  2016922 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team