[Emerging-Sigs] Daily Ruleset Update Summary 2019/12/02

James Emery-Callcott jcallcott at emergingthreats.net
Mon Dec 2 13:06:35 HST 2019


[***]            Summary:            [***]

  14 new Open, 28 new Pro (14 + 14).  PyXie, TickGroup, Remcos, Various
Android.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029077 - ET TROJAN Buer Loader Update Request (trojan.rules)
  2029078 - ET TROJAN Buer Loader Download Request (trojan.rules)
  2029079 - ET TROJAN Buer Loader Successful Payload Download (trojan.rules)
  2029080 - ET TROJAN SSL/TLS Certificate Observed (Buer Loader) (trojan.rules)
  2029081 - ET TROJAN Tick Group Payload - Reporting Error to CnC (trojan.rules)
  2029082 - ET TROJAN Tick Group Payload - Submitting Encrypted Data to CnC (trojan.rules)
  2029083 - ET TROJAN Malicious SSL Certificate detected (PyXie) (trojan.rules)
  2029084 - ET TROJAN Malicious SSL Certificate detected (PyXie) (trojan.rules)
  2029085 - ET TROJAN Malicious SSL Certificate detected (PyXie) (trojan.rules)
  2029086 - ET TROJAN Malicious SSL Certificate detected (PyXie) (trojan.rules)
  2029087 - ET TROJAN Malicious SSL Certificate detected (PyXie) (trojan.rules)
  2029088 - ET TROJAN Malicious SSL Certificate detected (PyXie) (trojan.rules)
  2029089 - ET TROJAN Malicious SSL Certificate detected (PyXie) (trojan.rules)
  2029090 - ET TROJAN Malicious SSL Certificate detected (PyXie) (trojan.rules)

Pro:

  2839684 - ETPRO TROJAN Buer Loader Response (trojan.rules)
  2839685 - ETPRO MOBILE_MALWARE Android/Spy.Agent.APG CnC Beacon (mobile_malware.rules)
  2839686 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Bulgok.a CnC Beacon (mobile_malware.rules)
  2839687 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Erop.a CnC Beacon (mobile_malware.rules)
  2839688 - ETPRO MOBILE_MALWARE Android.Trojan.FakeTelegram-6736160-2 CnC Beacon (mobile_malware.rules)
  2839691 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2839692 - ETPRO TROJAN JS/Agent.AP CnC Activity - Sending Client Info (trojan.rules)
  2839693 - ETPRO TROJAN JS/Agent.AP CnC Activity - Sending Task Result (trojan.rules)
  2839694 - ETPRO TROJAN Observed AZORult Domain in TLS SNI (trojan.rules)
  2839695 - ETPRO TROJAN Win32/Remcos RAT Checkin 267 (trojan.rules)
  2839696 - ETPRO TROJAN Win32/Remcos RAT Checkin 268 (trojan.rules)
  2839697 - ETPRO TROJAN Win32/Remcos RAT Checkin 269 (trojan.rules)
  2839698 - ETPRO TROJAN Win32/Remcos RAT Checkin 270 (trojan.rules)
  2839699 - ETPRO TROJAN Win32/Remcos RAT Checkin 271 (trojan.rules)

[///]     Modified active rules:     [///]

  2019310 - ET WEB_SERVER lwp-download Command Specifying Output in HTTP Headers (web_server.rules)
  2838282 - ETPRO TROJAN Gh0stCringe CnC Activity M1 (trojan.rules)
  2838283 - ETPRO TROJAN Gh0stCringe CnC Activity M2 (trojan.rules)
  2838284 - ETPRO TROJAN Gh0stCringe CnC Activity M3 (trojan.rules)
  2838285 - ETPRO TROJAN Gh0stCringe CnC Activity M4 (trojan.rules)
  2838553 - ETPRO TROJAN Gh0stCringe CnC Activity M5 (trojan.rules)
  2839392 - ETPRO TROJAN VNCStartServer USR Variant CnC Beacon (trojan.rules)
  2839593 - ETPRO TROJAN Gh0stCringe CnC Activity M6 (trojan.rules)
  2839672 - ETPRO TROJAN JS/Agent.AP CnC Activity - Sending Knock (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team