[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/23

Jack Mott jmott at emergingthreats.net
Fri Aug 23 13:54:15 HDT 2019


[***]            Summary:            [***]

7 new Open, 40 new Pro (7 + 33).  Various Router DNS Changer Exploits,
GlitchPOS, ProkLoader, Cob(?:alt|int), Remcos, Various Phish.

Tks: @james_inthe_box

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2027906 - ET EXPLOIT D-Link Router DNS Changer Exploit Attempt (exploit.rules)
  2027907 - ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt (exploit.rules)
  2027908 - ET EXPLOIT DSLink 260E Router DNS Changer Exploit Attempt (exploit.rules)
  2027909 - ET EXPLOIT Secutech Router DNS Changer Exploit Attempt (exploit.rules)
  2027910 - ET EXPLOIT TOTOLINK Router DNS Changer Exploit Attempt (exploit.rules)
  2027911 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-08-23 (current_events.rules)
  2027912 - ET TROJAN GlitchPOS CnC Checkin (trojan.rules)

Pro:

  2838140 - ETPRO TROJAN ProkLoader CnC Activity (trojan.rules)
  2838143 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-08-23 (current_events.rules)
  2838144 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-08-23 (current_events.rules)
  2838145 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-08-23 (current_events.rules)
  2838146 - ETPRO CURRENT_EVENTS Successful Daum Phish 2019-08-23 (current_events.rules)
  2838147 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-08-23 (current_events.rules)
  2838148 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-08-23 (current_events.rules)
  2838149 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-08-23 (current_events.rules)
  2838150 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-08-23 (current_events.rules)
  2838151 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-08-23 (current_events.rules)
  2838152 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-23 1) (trojan.rules)
  2838153 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-23 2) (trojan.rules)
  2838154 - ETPRO TROJAN SSL/TLS Certificate Observed (CobInt) (trojan.rules)
  2838155 - ETPRO TROJAN SSL/TLS Certificate Observed (Cobalt Group Downloader) (trojan.rules)
  2838156 - ETPRO TROJAN Win32/Socks.NAL CnC Checkin (trojan.rules)
  2838157 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
  2838158 - ETPRO TROJAN Win32/Remcos RAT Checkin 122 (trojan.rules)
  2838159 - ETPRO TROJAN Win32/Remcos RAT Checkin 123 (trojan.rules)
  2838160 - ETPRO TROJAN Win32/Remcos RAT Checkin 124 (trojan.rules)
  2838161 - ETPRO TROJAN Win32/Remcos RAT Checkin 125 (trojan.rules)
  2838162 - ETPRO TROJAN Win32/Remcos RAT Checkin 126 (trojan.rules)
  2838163 - ETPRO TROJAN Win32/Remcos RAT Checkin 127 (trojan.rules)
  2838164 - ETPRO TROJAN Win32/Remcos RAT Checkin 128 (trojan.rules)
  2838165 - ETPRO TROJAN Win32/Remcos RAT Checkin 129 (trojan.rules)
  2838166 - ETPRO TROJAN Win32/Remcos RAT Checkin 130 (trojan.rules)
  2838167 - ETPRO TROJAN Win32/Remcos RAT Checkin 131 (trojan.rules)
  2838168 - ETPRO TROJAN Win32/Remcos RAT Checkin 132 (trojan.rules)
  2838169 - ETPRO TROJAN Win32/Remcos RAT Checkin 133 (trojan.rules)
  2838170 - ETPRO TROJAN Win32/Remcos RAT Checkin 134 (trojan.rules)
  2838171 - ETPRO TROJAN Win32/Remcos RAT Checkin 135 (trojan.rules)
  2838172 - ETPRO TROJAN Win32/Remcos RAT Checkin 136 (trojan.rules)

 [///]     Modified active rules:     [///]

  2002402 - ET MALWARE Spyware Related User-Agent (UtilMind HTTPGet) (malware.rules)
  2027771 - ET TROJAN Win32/ArtraDownloader Checkin (trojan.rules)
  2836280 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-05-10 (current_events.rules)
  2838109 - ETPRO POLICY Google DNS Over HTTPS Certificate Inbound (policy.rules)