[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/26

Jason Williams jwilliams at emergingthreats.net
Mon Aug 26 13:23:28 HDT 2019


[***]            Summary:            [***]

7 new Open, 27 new Pro (20 + 7). Nemty Ransomware, Alpha Stealer,
Coinminers, Various PHISHING

 [+++]          Added rules:          [+++]

 Open:

  2027913 - ET TROJAN Win32/Nemty Ransomware Style Geo IP Check M1 (trojan.rules)
  2027914 - ET TROJAN Win32/Nemty Ransomware Style Geo IP Check M2 (trojan.rules)
  2027915 - ET POLICY External Geo IP Lookup (api .db-ip .com) (policy.rules)
  2027916 - ET USER_AGENTS Observed Suspicious UA (Chrome) (user_agents.rules)
  2027917 - ET TROJAN Win32/Alpha Stealer v1.5 PWS Exfil via HTTP (trojan.rules)
  2027918 - ET POLICY Quad9 DNS Over TLS Certificate Inbound (policy.rules)
  2027919 - ET POLICY Observed External IP Lookup Domain (ipconfig .cf in TLS SNI) (policy.rules)

 Pro:

  2838173 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-26) (current_events.rules)
  2838174 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-26 2) (current_events.rules)
  2838175 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-08-26 (current_events.rules)
  2838176 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-26 (current_events.rules)
  2838177 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-26 (current_events.rules)
  2838178 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-08-26 (current_events.rules)
  2838179 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-26 (current_events.rules)
  2838180 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-08-26 (current_events.rules)
  2838181 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-08-26 (current_events.rules)
  2838182 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-08-26 (current_events.rules)
  2838183 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-08-26 (current_events.rules)
  2838184 - ETPRO CURRENT_EVENTS Successful SF Express CN Phish 2019-08-26 (current_events.rules)
  2838185 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (36281) (current_events.rules)
  2838187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 1) (trojan.rules)
  2838188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 2) (trojan.rules)
  2838189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 3) (trojan.rules)
  2838190 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 4) (trojan.rules)
  2838191 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 5) (trojan.rules)
  2838192 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 6) (trojan.rules)
  2838193 - ETPRO TROJAN Win32/Remcos RAT Checkin 137 (trojan.rules)