[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/14

Brandon Murphy bmurphy at emergingthreats.net
Wed Aug 14 14:16:45 HDT 2019


[***]            Summary:            [***]

3 new Open, 20 new Pro (3 + 17). Win32/SafeNewTab, Android/Spy.Rasteal.A,
FortiOS SSL VPN, Various Phishing.

[+++]          Added rules:          [+++]

Open:

  2027883 - ET EXPLOIT FortiOS SSL VPN - Information Disclosure (CVE-2018-13379) (exploit.rules)
  2027884 - ET EXPLOIT FortiOS SSL VPN - Pre-Auth Messages Payload Buffer Overflow (CVE-2018-13381) (exploit.rules)
  2027885 - ET EXPLOIT FortiOS SSL VPN - Improper Authorization Vulnerability (CVE-2018-13382) (exploit.rules)

Pro:

  2838017 - ETPRO MOBILE_MALWARE Android/Spy.Rasteal.A Contact Exfil via SMTP (mobile_malware.rules)
  2838018 - ETPRO TROJAN MalDoc Dropper CnC Beacon M1 (trojan.rules)
  2838019 - ETPRO TROJAN MalDoc Dropper CnC Beacon M2 (trojan.rules)
  2838020 - ETPRO TROJAN Zeropadypt/Limbo/Ouroboros Ransomware CnC Checkin (trojan.rules)
  2838021 - ETPRO POLICY External IP Address Lookup via libsfml-network (policy.rules)
  2838022 - ETPRO TROJAN Win32/SafeNewTab Sending Screenshot (trojan.rules)
  2838023 - ETPRO TROJAN Win32/SafeNewTab Acticity (trojan.rules)
  2838024 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-14) (current_events.rules)
  2838025 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-14 2) (current_events.rules)
  2838026 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838027 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-14 1) (trojan.rules)
  2838028 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-14 2) (trojan.rules)
  2838029 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-14 3) (trojan.rules)
  2838030 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-14 (current_events.rules)
  2838031 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-14 (current_events.rules)
  2838032 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2019-08-14 (current_events.rules)
  2838033 - ETPRO CURRENT_EVENTS Successful eFax Phish 2019-08-14 (current_events.rules)

[///]     Modified active rules:     [///]

  2837947 - ETPRO TROJAN Koadic CnC Activity (trojan.rules)
  2838004 - ETPRO TROJAN Observed Malicious SSL Cert (Koadic CnC) (trojan.rules)
  2838012 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-08-13 (current_events.rules)