[Emerging-Sigs] Daily Ruleset Update Summary 2019/12/04

James Emery-Callcott jcallcott at emergingthreats.net
Wed Dec 4 13:48:13 HST 2019


[***]            Summary:            [***]

  17 new Open, 48 new Pro (17 + 31).  TickGroup, Parallax, Various Android,
Various Phish.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029015 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029016 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029017 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029018 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029019 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029020 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029021 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029022 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029023 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029024 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029025 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029026 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2029092 - ET TROJAN TickGroup BROLER.F CnC Check-in (trojan.rules)
  2029093 - ET TROJAN TickGroup ABK Backdoor CnC Check-in (trojan.rules)
  2029094 - ET TROJAN Possible TickGroup Snack CnC Activity (trojan.rules)
  2029095 - ET TROJAN Possible TickGroup Coolbee/Avenger CnC Activity (trojan.rules)
  2029096 - ET TROJAN Possible TickGroup Casper CnC Activity (trojan.rules)

Pro:

  2839515 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839516 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839517 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839518 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839519 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839725 - ETPRO MOBILE_MALWARE Android/Hiddad.AHN Checkin (mobile_malware.rules)
  2839726 - ETPRO MOBILE_MALWARE Riskware.Android.Irajah Reporting Device Info/App list (mobile_malware.rules)
  2839727 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ASR Contact/Device Info Exfil (mobile_malware.rules)
  2839728 - ETPRO MOBILE_MALWARE Android/Datacollector.A CnC Beacon (mobile_malware.rules)
  2839729 - ETPRO MOBILE_MALWARE Riskware.Android.Gexin.fivxlh Reporting Device Info (mobile_malware.rules)
  2839730 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.LZUS-5 CnC Beacon (mobile_malware.rules)
  2839731 - ETPRO TROJAN HawkeyeReborn Keylogger SMTP Exfil (trojan.rules)
  2839732 - ETPRO TROJAN Unk.MalDoc Payload CnC Checkin (trojan.rules)
  2839733 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2839734 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-03 1) (trojan.rules)
  2839735 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-03 2) (trojan.rules)
  2839736 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-04 (current_events.rules)
  2839737 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-04 (current_events.rules)
  2839738 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-04 (current_events.rules)
  2839739 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-12-04 (current_events.rules)
  2839740 - ETPRO CURRENT_EVENTS Successful Adobe Secured PDF Phish 2019-12-04 (current_events.rules)
  2839741 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-12-04 (current_events.rules)
  2839742 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-04 (current_events.rules)
  2839743 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-12-04 (current_events.rules)
  2839744 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish 2019-12-04 (current_events.rules)
  2839745 - ETPRO TROJAN Parallax CnC Activity M2 (set) (trojan.rules)
  2839746 - ETPRO TROJAN Parallax CnC Response Activity M2 (trojan.rules)
  2839747 - ETPRO TROJAN Parallax CnC Activity M3 (set) (trojan.rules)
  2839748 - ETPRO TROJAN Parallax CnC Response Activity M3 (trojan.rules)
  2839749 - ETPRO TROJAN Win32/Unk Stealer - FTP Exfil (trojan.rules)
  2839750 - ETPRO TROJAN Win32/Remcos RAT Checkin 272 (trojan.rules)

[///]     Modified active rules:     [///]

  2803810 - ETPRO TROJAN Win32/Unruy.R Checkin (trojan.rules)
  2829849 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Egat.d Checkin (mobile_malware.rules)
  2839262 - ETPRO CURRENT_EVENTS Possible GreenFlash Sundown EK Flash Artifact (current_events.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team