[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/28

James Emery-Callcott jcallcott at emergingthreats.net
Wed Aug 28 14:22:12 HDT 2019


[***]            Summary:            [***]

  10 new Open, 19 new Pro (10 + 9).  LYCEUM MSIL/DanBot, Spelevo EK, Remcos.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2027921 - ET TROJAN LYCEUM MSIL/DanBot CnC Checkin (trojan.rules)
  2027922 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027923 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027924 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027925 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027926 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027927 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027928 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027929 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027930 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)

Pro:

  2838211 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.em / BankBot CnC Beacon 2 (mobile_malware.rules)
  2838212 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838213 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
  2838214 - ETPRO CURRENT_EVENTS Spelevo EK Landing 2019-08-28 (current_events.rules)
  2838215 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-28 1) (trojan.rules)
  2838216 - ETPRO TROJAN Win32/Remcos RAT Checkin 141 (trojan.rules)
  2838217 - ETPRO TROJAN Win32/Remcos RAT Checkin 138 (trojan.rules)
  2838218 - ETPRO TROJAN Win32/Remcos RAT Checkin 139 (trojan.rules)
  2838219 - ETPRO TROJAN Win32/Remcos RAT Checkin 140 (trojan.rules)


---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team