[Emerging-Sigs] Daily Ruleset Update Summary 2019/08/30

James Emery-Callcott jcallcott at emergingthreats.net
Fri Aug 30 15:07:00 HDT 2019


[***]            Summary:            [***]

  5 new Open, 13 new Pro (5 + 8).  Domen SocEng, Rig EK, TickGroup.

  Thanks @jeromesegura.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2027934 - ET CURRENT_EVENTS RIG EK - Unexpected Victim Location Server Response (current_events.rules)
  2027935 - ET CURRENT_EVENTS Domen SocEng Redirect - Landing Page Observed (current_events.rules)
  2027936 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
  2027937 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
  2027938 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)

Pro:

  2838241 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilVBS DL 2019-08-30) (current_events.rules)
  2838242 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838243 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-29 1) (trojan.rules)
  2838244 - ETPRO TROJAN TickGroup Datper CnC Checkin M4 (trojan.rules)
  2838245 - ETPRO TROJAN TickGroup Datper CnC Checkin M5 (trojan.rules)
  2838246 - ETPRO TROJAN TickGroup Datper CnC Checkin M6 (trojan.rules)
  2838247 - ETPRO TROJAN Win32/QULAB Telegram Checkin (trojan.rules)
  2838248 - ETPRO TROJAN Win32/QULAB Telegram Exfiltration (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team