[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/27

James Emery-Callcott jcallcott at emergingthreats.net
Tue Aug 27 15:51:33 HDT 2019


[***]            Summary:            [***]

  1 new Open, 17 new Pro (1 + 17).  Agent.IZ InfoStealer, AlphaStealer,
Spy.Agent.AOX, Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2027920 - ET MOBILE_MALWARE Android/Spy.Agent.AOX Checkin (mobile_malware.rules)

Pro:

  2838194 - ETPRO MALWARE Observed Malicious SSL Cert (PsiXBot CnC) (malware.rules)
  2838195 - ETPRO TROJAN Terse Request for .ps1 - Likely Hostile (trojan.rules)
  2838196 - ETPRO TROJAN SSL/TLS Certificate Observed (Unknown BR W32/Downloader) (trojan.rules)
  2838197 - ETPRO TROJAN Observed DNS Query for CobInt/Cobalt Group CnC Domain (trojan.rules)
  2838198 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-08-27 (current_events.rules)
  2838199 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-08-27 (current_events.rules)
  2838200 - ETPRO CURRENT_EVENTS Successful Turkey GOV TR Phish 2019-08-27 (current_events.rules)
  2838201 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2019-08-27 (current_events.rules)
  2838202 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-08-27 (current_events.rules)
  2838203 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-08-27 (current_events.rules)
  2838204 - ETPRO TROJAN SSL/TLS Certificate Observed (GRIFFON) (trojan.rules)
  2838205 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-27 1) (trojan.rules)
  2838206 - ETPRO CURRENT_EVENTS Successful Generic Bank Update Phish 2019-08-27 (current_events.rules)
  2838207 - ETPRO MALWARE MSIL/AlphaStealer PWS Exfil via HTTP M2 (malware.rules)
  2838208 - ETPRO TROJAN Java/Agent.IZ InfoStealer CnC Activitiy M1 (trojan.rules)
  2838209 - ETPRO TROJAN Java/Agent.IZ InfoStealer CnC Activitiy M2 (set) (trojan.rules)
  2838210 - ETPRO TROJAN Java/Agent.IZ InfoStealer CnC Activity M2 (trojan.rules)

[///]     Modified active rules:     [///]

  2815938 - ETPRO TROJAN Win32.Banbra.bkbw Checkin (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team