[Emerging-Sigs] Daily Ruleset Update Summary 2019/12/17

Brandon Murphy bmurphy at emergingthreats.net
Tue Dec 17 13:37:36 HST 2019


[***]            Summary:            [***]

  5 new Open, 22 new Pro (5 + 17). Win32/BlackNET, ShivaGood Ransomware,
Win32/Aspire, and Various Phish

  Thanks @malwrhunterteam

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

Open:

  2029177 - ET TROJAN ShivaGood Ransomware CnC Checkin (trojan.rules)
  2029178 - ET TROJAN Win32/BlackNET CnC Checkin (trojan.rules)
  2029179 - ET TROJAN Win32/BlackNET CnC Keep-Alive (trojan.rules)
  2029180 - ET TROJAN Win32/BlackNET CnC Requesting Command (trojan.rules)
  2029181 - ET EXPLOIT TP-LINK Archer C5 v4 (CVE-2019-7405) (exploit.rules)

Pro:

  2839954 - ETPRO TROJAN Win32/Aspire Stealer CnC Checkin (trojan.rules)
  2839955 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-16 1) (trojan.rules)
  2839956 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-16 2) (trojan.rules)
  2839957 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-16 3) (trojan.rules)
  2839958 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-16 4) (trojan.rules)
  2839959 - ETPRO CURRENT_EVENTS Successful Swedbank Phish 2019-12-17
(current_events.rules)
  2839960 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-17 (current_events.rules)
  2839961 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-17 (current_events.rules)
  2839962 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-17 (current_events.rules)
  2839963 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-17
(current_events.rules)
  2839964 - ETPRO CURRENT_EVENTS Successful Mobile DE Phish 2019-12-17
(current_events.rules)
  2839965 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-17 (current_events.rules)
  2839966 - ETPRO CURRENT_EVENTS Successful Visa Phish 2019-12-17
(current_events.rules)
  2839967 - ETPRO CURRENT_EVENTS Successful Visa Phish 2019-12-17
(current_events.rules)
  2839968 - ETPRO CURRENT_EVENTS Successful Dash Cryptocurrency Bank
Information Phish 2019-12-17 (current_events.rules)
  2839969 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish
2019-12-17 (current_events.rules)
  2839970 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)


 [///]     Modified active rules:     [///]

  2028967 - ET TROJAN Possible Gamaredon HEAD Request for .dot file on
ddns.net (trojan.rules)
  2839889 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-12
(current_events.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20191217/984707b9/attachment.html>


More information about the Emerging-sigs mailing list