[Emerging-Sigs] Daily Ruleset Update Summary 2019/12/13

Jack Mott jmott at emergingthreats.net
Fri Dec 13 13:45:20 HST 2019


[***]            Summary:            [***]

  5 new Open, 28 new Pro (5 + 23). Win32/Unk.BrowserStealer,
Win32/DevilRecovery, Coinminers, Various Phish. TIIF.

  Thanks to: @malwrhunterteam

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029145 - ET TROJAN Win32/Unk.BrowserStealer CnC Keep-Alive (trojan.rules)
  2029146 - ET TROJAN Win32/Unk.BrowserStealer CnC Checkin (trojan.rules)
  2029147 - ET TROJAN Win32/Unk.BrowserStealer Data Exfil M1 (trojan.rules)
  2029148 - ET TROJAN Win32/Unk.BrowserStealer Data Exfil M2 (trojan.rules)
  2029149 - ET TROJAN Win32/Unk.BrowserStealer Data Exfil M3 (trojan.rules)

Pro:

  2839894 - ETPRO TROJAN Win32/PWS.Vbinder Exfil via SMTP (trojan.rules)
  2839895 - ETPRO TROJAN Win32/DevilRecovery PWS Exfil via SMTP (trojan.rules)
  2839896 - ETPRO TROJAN Possible Temp.Trident APT DNS Lookup Observed (trojan.rules)
  2839897 - ETPRO TROJAN Possible Temp.Trident APT DNS Lookup Observed (trojan.rules)
  2839898 - ETPRO TROJAN Possible Temp.Trident APT DNS Lookup Observed (trojan.rules)
  2839899 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-12 1) (trojan.rules)
  2839900 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-12 2) (trojan.rules)
  2839901 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-13 (current_events.rules)
  2839902 - ETPRO CURRENT_EVENTS Successful Generic Charles Schwab Phish 2019-12-13 (current_events.rules)
  2839903 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-12-13 (current_events.rules)
  2839904 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-12-13 (current_events.rules)
  2839905 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-13 (current_events.rules)
  2839906 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-13 (current_events.rules)
  2839907 - ETPRO CURRENT_EVENTS Successful Twitter Phish 2019-12-13 (current_events.rules)
  2839908 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-12-13 (current_events.rules)
  2839909 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-13 (current_events.rules)
  2839910 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-12-13 (current_events.rules)
  2839911 - ETPRO CURRENT_EVENTS Successful Rackspace Phish 2019-12-13 (current_events.rules)
  2839912 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-13 (current_events.rules)
  2839913 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-13 (current_events.rules)
  2839914 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-13 (current_events.rules)
  2839915 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-13 (current_events.rules)
  2839916 - ETPRO CURRENT_EVENTS Successful Credicard Phish 2019-12-13 (current_events.rules)

[///]     Modified active rules:     [///]

  2838228 - ETPRO CURRENT_EVENTS Successful Suntrust Phish 2019-08-29 (current_events.rules)