[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/19

Jack Mott jmott at emergingthreats.net
Mon Aug 19 14:45:10 HDT 2019


[***]            Summary:            [***]

1 new Open, 25 new Pro (1 + 24).  Amadey, PlugX, Various Coinminers,
DonotGroup, Remcos.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2027897 - ET TROJAN BalkanDoor CnC Checkin (trojan.rules)

Pro:

  2838063 - ETPRO TROJAN Amadey CnC Server Payload Response (exe) (trojan.rules)
  2838064 - ETPRO TROJAN Amadey CnC Server Payload Response (dll) (trojan.rules)
  2838065 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
  2838067 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
  2838068 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
  2838069 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
  2838070 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
  2838071 - ETPRO POLICY Observed DNS Query to Canary Token Service (policy.rules)
  2838072 - ETPRO TROJAN Possible DarkHotel Related DNS Lookup (trojan.rules)
  2838073 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 1) (trojan.rules)
  2838074 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 2) (trojan.rules)
  2838075 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 3) (trojan.rules)
  2838076 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 4) (trojan.rules)
  2838077 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 5) (trojan.rules)
  2838078 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 6) (trojan.rules)
  2838079 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 7) (trojan.rules)
  2838080 - ETPRO TROJAN Possible DarkHotel VBS CnC Activity M1 (trojan.rules)
  2838081 - ETPRO TROJAN Possible DarkHotel VBS CnC Activity M2 (trojan.rules)
  2838082 - ETPRO TROJAN Possible DarkHotel VBS CnC Activity M3 (trojan.rules)
  2838083 - ETPRO TROJAN Win32/Remcos RAT Checkin 121 (trojan.rules)
  2838084 - ETPRO TROJAN DonotGroup Maldoc/Stage 1 CnC Domain in DNS Query (trojan.rules)
  2838085 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
  2838086 - ETPRO TROJAN DonotGroup Maldoc Stage 1 CnC Checkin M1 (trojan.rules)
  2838087 - ETPRO TROJAN DonotGroup Maldoc Stage 1 CnC Checkin M2 (trojan.rules)


[///]     Modified active rules:     [///]

  2027349 - ET WEB_SPECIFIC_APPS Jenkins Chained Exploits CVE-2018-1000861 and CVE-2019-1003000 M1 (web_specific_apps.rules)
  2027700 - ET TROJAN Amadey CnC Check-In (trojan.rules)
  2027892 - ET TROJAN Win32/Dostre CnC Activity (trojan.rules)
  2836790 - ETPRO POLICY Observed SSL Cert (Canarytokens) (policy.rules)
  2836791 - ETPRO POLICY Observed HTTP Request to Canary Token Service (policy.rules)