[Emerging-Sigs] Daily Ruleset Update Summary 2019/12/10

Jack Mott jmott at emergingthreats.net
Tue Dec 10 13:57:00 HST 2019


[***]            Summary:            [***]

  3 new Open, 33 new Pro (3 + 30). Snatch Ransomware, JsOutProx, Various
ELF/Mirai, Various SSL Certs, Coinminers, Various Phish.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029103 - ET TROJAN Win32/Snatch Ransomware - Encryption Started
(trojan.rules)
  2029104 - ET TROJAN Win32/Snatch Ransomware - Encryption Finished
(trojan.rules)
  2029105 - ET CURRENT_EVENTS Successful Generic Email Account Phish
2019-12-10 (current_events.rules)

Pro:

  2839820 - ETPRO POLICY External Geo IP Lookup - addr .cx (policy.rules)
  2839821 - ETPRO TROJAN Observed Malicious SSL Cert (FastLoader CnC)
(trojan.rules)
  2839822 - ETPRO CURRENT_EVENTS Successful Swedbank Phish 2019-12-10
(current_events.rules)
  2839823 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-09 1) (trojan.rules)
  2839824 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-09 2) (trojan.rules)
  2839825 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-09 3) (trojan.rules)
  2839826 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-09 4) (trojan.rules)
  2839827 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-09 5) (trojan.rules)
  2839828 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-09 6) (trojan.rules)
  2839829 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-09 7) (trojan.rules)
  2839830 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-09 8) (trojan.rules)
  2839831 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-10 (current_events.rules)
  2839832 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-10
(current_events.rules)
  2839833 - ETPRO CURRENT_EVENTS Successful NAB Phish 2019-12-10
(current_events.rules)
  2839834 - ETPRO CURRENT_EVENTS Successful NAB Phish 2019-12-10
(current_events.rules)
  2839835 - ETPRO CURRENT_EVENTS Successful NAB Phish 2019-12-10
(current_events.rules)
  2839836 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2839837 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839838 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2839839 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839840 - ETPRO TROJAN Generic Downloader Activity with Suspicious
User-Agent (64) (trojan.rules)
  2839841 - ETPRO TROJAN Generic Downloader Activity with Suspicious
User-Agent (32) (trojan.rules)
  2839842 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
  2839843 - ETPRO TROJAN Observed Malicious SSL Cert (Snowbot CnC)
(trojan.rules)
  2839844 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2839845 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2839846 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2839847 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2839848 - ETPRO TROJAN JsOutProx CnC Activity - Outbound (trojan.rules)
  2839849 - ETPRO MALWARE JsOutProx CnC Activity - Inbound (malware.rules)

[///]     Modified active rules:     [///]

  2804089 - ETPRO TROJAN User-Agent with Compatible Typo (trojan.rules)

[---]         Disabled rules:        [---]

  2028883 - ET TROJAN APT 41 LOWKEY Backdoor - Ping Command Inbound
(trojan.rules)