[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/08

James Emery-Callcott jcallcott at emergingthreats.net
Thu Aug 8 13:39:20 HDT 2019


[***]            Summary:            [***]

  13 new Open, 31 new Pro (13 + 18).  Varenyky, DealPly,
Android/Hiddad.AAU, Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2027818 - ET CURRENT_EVENTS XHR POST Request - Possible Form Grabber Activity (current_events.rules)
  2027819 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027820 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027821 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027822 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027823 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027824 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027825 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027826 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027827 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027828 - ET MALWARE Win32/DealPly CnC Checkin (malware.rules)
  2027829 - ET MALWARE Win32/DealPly Configuration File Inbound (malware.rules)
  2027830 - ET MALWARE Win32/DealPly Reporting Details to CnC (malware.rules)

Pro:

  2837927 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.MW Checkin (mobile_malware.rules)
  2837928 - ETPRO MOBILE_MALWARE Android/Hiddad.AAU Checkin (mobile_malware.rules)
  2837929 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-08 (current_events.rules)
  2837930 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-08 1) (trojan.rules)
  2837931 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-08 2) (trojan.rules)
  2837932 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-08 3) (trojan.rules)
  2837933 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-08 (current_events.rules)
  2837934 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-08 (current_events.rules)
  2837935 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-08-08 (current_events.rules)
  2837936 - ETPRO CURRENT_EVENTS Successful Luno Phish 2019-08-08 (current_events.rules)
  2837937 - ETPRO CURRENT_EVENTS Successful MCU Municipal Credit Union Phish 2019-08-08 (current_events.rules)
  2837938 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-08 (current_events.rules)
  2837939 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-08-08 (current_events.rules)
  2837940 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-08-08 (current_events.rules)
  2837941 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-08 (current_events.rules)
  2837942 - ETPRO CURRENT_EVENTS Successful Cox Phish 2019-08-08 (current_events.rules)
  2837943 - ETPRO TROJAN QuasarRAT/Remcos CnC in DNS Query (trojan.rules)
  2837944 - ETPRO TROJAN Possible Win32/Varenyky Spambot CnC Checkin (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team