[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/21

Jack Mott jmott at emergingthreats.net
Wed Aug 21 14:10:51 HDT 2019


[***]            Summary:            [***]

4 new Open, 19 new Pro (4 + 15).  MyKings Bootloader, Smokeloader, Various
Phishing, Coinminers.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2027899 - ET CURRENT_EVENTS Possible Phishing Landing Obfuscation Mar 17 (current_events.rules)
  2027900 - ET TROJAN MyKings Bootloader Variant Requesting Payload M1 (trojan.rules)
  2027901 - ET TROJAN MyKings Bootloader Variant Requesting Payload M2 (trojan.rules)
  2027902 - ET TROJAN MyKings Bootloader Variant Requesting Payload M3 (trojan.rules)

 Pro:

  2838106 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 16 (trojan.rules)
  2838107 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-20) (current_events.rules)
  2838108 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
  2838109 - ETPRO POLICY Google DNS Over HTTPS Certificate Inbound (policy.rules)
  2838110 - ETPRO POLICY Observed Google DNS over HTTPS Domain (dns .google .com in TLS SNI) (policy.rules)
  2838111 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish 2019-08-21 (current_events.rules)
  2838112 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish 2019-08-21 (current_events.rules)
  2838113 - ETPRO CURRENT_EVENTS Successful myGov Phish 2019-08-21 (current_events.rules)
  2838114 - ETPRO CURRENT_EVENTS Successful Mobile.de Phish 2019-08-21 (current_events.rules)
  2838115 - ETPRO CURRENT_EVENTS Successful HiNet Phish 2019-08-21 (current_events.rules)
  2838116 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2019-08-21 (current_events.rules)
  2838117 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-08-21 (current_events.rules)
  2838118 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-08-21 (current_events.rules)
  2838119 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-21 1) (trojan.rules)
  2838120 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-21 2) (trojan.rules)

 [///]     Modified active rules:     [///]

  2821655 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 1 (GET) (trojan.rules)
  2821669 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 1 (POST) (trojan.rules)
  2837704 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-25 (current_events.rules)