[Emerging-Sigs] Daily Ruleset Update Summary 2019/12/16

Brandon Murphy bmurphy at emergingthreats.net
Mon Dec 16 14:06:43 HST 2019


[***]            Summary:            [***]

  27 new Open, 64 new Pro (27 + 37). Cyborg Keylogger, Win32/Tdata Stealer,
Various Exploits, ELF/Mirai UA and Phish

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

Open:

  2029151 - ET TROJAN Observed DNS Query for APT40 Possible DADSTACHE CnC Domain (trojan.rules)
  2029152 - ET EXPLOIT Yachtcontrol Webservers RCE CVE-2019-17270 (Outbound) (exploit.rules)
  2029153 - ET EXPLOIT Yachtcontrol Webservers RCE CVE-2019-17270 (Inbound) (exploit.rules)
  2029154 - ET EXPLOIT Technicolor TD5130v2/TD5336 Router RCE CVE-2019-118396/CVE-2017-14127 (Outbound) (exploit.rules)
  2029155 - ET EXPLOIT Technicolor TD5130v2/TD5336 Router RCE CVE-2019-118396/CVE-2017-14127 (Inbound) (exploit.rules)
  2029156 - ET EXPLOIT Possible AVCON6 Video Conferencing System RCE (Outbound) (exploit.rules)
  2029157 - ET EXPLOIT Possible AVCON6 Video Conferencing System RCE (Inbound) (exploit.rules)
  2029158 - ET EXPLOIT Enigma Network Management Systems v65.0.0 CVE-2019-16072 (Outbound) (exploit.rules)
  2029159 - ET EXPLOIT Enigma Network Management Systems v65.0.0 CVE-2019-16072 (Inbound) (exploit.rules)
  2029160 - ET EXPLOIT Possible Sar2HTML plotting tool for Linux servers v3.2.1 (Outbound) (exploit.rules)
  2029161 - ET EXPLOIT Possible Sar2HTML plotting tool for Linux servers v3.2.1 (Inbound) (exploit.rules)
  2029162 - ET EXPLOIT NetGain Systems Enterprise Manager CVE-2017-16602 (Outbound) (exploit.rules)
  2029163 - ET EXPLOIT NetGain Systems Enterprise Manager CVE-2017-16602 (Inbound) (exploit.rules)
  2029164 - ET EXPLOIT Citrix NetScaler SD-WAN 9.1.2.26.561201 Devices CVE-2017-6316 (Outbound) (exploit.rules)
  2029165 - ET EXPLOIT Citrix NetScaler SD-WAN 9.1.2.26.561201 Devices CVE-2017-6316 (Inbound) (exploit.rules)
  2029166 - ET EXPLOIT Thomson Reuters Velocity Analytics Vhayu Analytic Servers 6.94 build 2995 CVE-2013-5912 (Outbound) (exploit.rules)
  2029167 - ET EXPLOIT Thomson Reuters Velocity Analytics Vhayu Analytic Servers 6.94 build 2995 CVE-2013-5912 (Inbound) (exploit.rules)
  2029168 - ET EXPLOIT ACTi ASOC 2200 Web Configurators versions <2.6 RCE (Outbound) (exploit.rules)
  2029169 - ET EXPLOIT ACTi ASOC 2200 Web Configurators versions <2.6 RCE (Inbound) (exploit.rules)
  2029170 - ET EXPLOIT 3Com Office Connect Remote Code Execution (Outbound) (exploit.rules)
  2029171 - ET EXPLOIT 3Com Office Connect Remote Code Execution (Inbound) (exploit.rules)
  2029172 - ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Outbound) (exploit.rules)
  2029173 - ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Inbound) (exploit.rules)
  2029174 - ET EXPLOIT CCBill Online Payment Systems RCE (Outbound) (exploit.rules)
  2029175 - ET EXPLOIT CCBill Online Payment Systems RCE (Inbound) (exploit.rules)
  2029176 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)

Pro:

  2839917 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.ZUGE-6 Checkin (mobile_malware.rules)
  2839918 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt (1001frivjuegos .info in TLS SNI) (mobile_malware.rules)
  2839919 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt (owbe .com in TLS SNI) (mobile_malware.rules)
  2839920 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt (dailymahjonggames .com in TLS SNI) (mobile_malware.rules)
  2839921 - ETPRO TROJAN Cyborg Keylogger Checkin via FTP (trojan.rules)
  2839922 - ETPRO TROJAN Cyborg Keylogger FTP STOR Command (trojan.rules)
  2839923 - ETPRO TROJAN Win32/Tdata Stealer CnC Checkin (trojan.rules)
  2839924 - ETPRO TROJAN Win32/Tdata Stealer FTP STOR Command (trojan.rules)
  2839925 - ETPRO TROJAN Banload Variant Request (trojan.rules)
  2839926 - ETPRO TROJAN Banload Variant Credential Theft (trojan.rules)
  2839927 - ETPRO TROJAN Banload Variant Checkin (trojan.rules)
  2839928 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-13 1) (trojan.rules)
  2839929 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-13 2) (trojan.rules)
  2839930 - ETPRO CURRENT_EVENTS Successful Generic Fix Email Account Phish 2019-12-16 (current_events.rules)
  2839931 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-16 (current_events.rules)
  2839932 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-16 (current_events.rules)
  2839933 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-16 (current_events.rules)
  2839934 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-16 (current_events.rules)
  2839935 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-16 (current_events.rules)
  2839936 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-16 (current_events.rules)
  2839937 - ETPRO CURRENT_EVENTS Successful Western Union Phish 2019-12-16 (current_events.rules)
  2839938 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-16 (current_events.rules)
  2839939 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2839940 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
  2839941 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2839942 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
  2839943 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2839944 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
  2839945 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2839946 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
  2839947 - ETPRO TROJAN Cliper Stealer UA (trojan.rules)
  2839948 - ETPRO TROJAN Win32/Agima.o CnC Activity (trojan.rules)
  2839949 - ETPRO MALWARE Bandook v0.5FM TCP CnC Beacon (malware.rules)
  2839950 - ETPRO TROJAN Win32/Remcos RAT Checkin 278 (trojan.rules)
  2839951 - ETPRO TROJAN Win32/Remcos RAT Checkin 279 (trojan.rules)
  2839952 - ETPRO TROJAN Win32/Remcos RAT Checkin 280 (trojan.rules)
  2839953 - ETPRO TROJAN Win32/Remcos RAT Checkin 281 (trojan.rules)