[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/16

Brandon Murphy bmurphy at emergingthreats.net
Fri Aug 16 14:28:14 HDT 2019


[***]            Summary:            [***]

3 new Open, 15 new Pro (3 + 12). Clipsa, More_eggs, Trojan-Banker.AndroidOS.Cerberus, MalDoc SSL Certs

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback


 [+++]          Added rules:          [+++]

 Open:

  2027893 - ET TROJAN Clipsa Stealer - CnC Checkin (trojan.rules)
  2027894 - ET TROJAN Clipsa Stealer - Coinminer Download (trojan.rules)
  2027895 - ET TROJAN Clipsa Stealer - Exfiltration Activity (trojan.rules)

 Pro:

  2838050 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Cerberus Checkin (mobile_malware.rules)
  2838051 - ETPRO TROJAN MalDoc Retrieving Ursnif Payload (trojan.rules)
  2838052 - ETPRO TROJAN Win32/Origin Logger SMTP Account Exfil (trojan.rules)
  2838053 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-16) (current_events.rules)
  2838054 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-16 2) (current_events.rules)
  2838055 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
  2838056 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
  2838057 - ETPRO TROJAN Unknown BR W32/Downloader CnC Host Checkin (trojan.rules)
  2838059 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-15 1) (trojan.rules)
  2838060 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-15 2) (trojan.rules)
  2838061 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-16 1) (trojan.rules)
  2838062 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-08-16 (current_events.rules)


 [///]     Modified active rules:     [///]


  2027693 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
  2025931 - ET TROJAN Aurora Ransomware CnC Checkin (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2027890 - ET SNMP Cisco Non-Trap PDU request on SNMPv1 trap port (snmp.rules)