[Emerging-Sigs] Daily Ruleset Update Summary 2019/11/11

Jack Mott jmott at emergingthreats.net
Mon Nov 11 14:18:20 HST 2019


[***]            Summary:            [***]

6 new Open, 23 new Pro (6 + 17). Various User-Agents, Win32/IcedID, Remcos,
Various Phishing.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028957 - ET TROJAN Platinum APT - Titanium Payload CnC Checkin (x86) (trojan.rules)
  2028958 - ET TROJAN Platinum APT - Titanium Payload CnC Checkin (x64) (trojan.rules)
  2028959 - ET TROJAN Platinum APT Activity (trojan.rules)
  2028960 - ET TROJAN Platinum APT - Titanium Hardcoded String Observed (trojan.rules)
  2028961 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)
  2028962 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)

Pro:

  2839344 - ETPRO POLICY CCleaner Update Agent User-Agent Observed (policy.rules)
  2839349 - ETPRO POLICY External Geo IP Lookup - www. ip123 .pw (policy.rules)
  2839350 - ETPRO CURRENT_EVENTS Successful Spectrum Phish 2019-11-11 (current_events.rules)
  2839351 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-11-11 (current_events.rules)
  2839352 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-11-11 (current_events.rules)
  2839353 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-11-11 (current_events.rules)
  2839354 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-11-11 (current_events.rules)
  2839355 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-11-11 (current_events.rules)
  2839356 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-11-11 (current_events.rules)
  2839357 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-11 (current_events.rules)
  2839358 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish 2019-11-11 (current_events.rules)
  2839359 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-11-11 (current_events.rules)
  2839360 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2019-11-11 (current_events.rules)
  2839361 - ETPRO TROJAN Buran Ransomware Activity M3 (trojan.rules)
  2839366 - ETPRO MALWARE Win32/MailRu.E Checkin (malware.rules)
  2839367 - ETPRO TROJAN Win32/Remcos RAT Checkin 244 (trojan.rules)
  2839368 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (2019-11-11) (trojan.rules)

[///]     Modified active rules:     [///]

  2018302 - ET INFO Possible Phish - Mirrored Website Comment Observed (info.rules)
  2018334 - ET INFO Possible Phish - Saved Website Comment Observed (info.rules)
  2021128 - ET TROJAN Blue Bot DDoS Proxy Request (trojan.rules)
  2022729 - ET INFO PhishMe.com Phishing Exercise - Client Plugins (info.rules)
  2023139 - ET INFO Form Data Submitted to yolasite.com - Possible Phishing (info.rules)
  2027353 - ET TROJAN MSIL/Almashreq CnC Checkin (trojan.rules)
  2814850 - ETPRO INFO Data Submitted to Weebly.com - Possible Phishing (info.rules)
  2820816 - ETPRO INFO Data Submitted to my-free.website - Possible Phishing (info.rules)
  2820905 - ETPRO INFO Data Submitted to MyFreeSites.com - Possible Phishing (info.rules)
  2821967 - ETPRO INFO Data Submitted to Webeden.co.uk - Possible Phishing (info.rules)
  2821968 - ETPRO INFO Data Submitted to Weebly.com - Possible Phishing (info.rules)
  2822038 - ETPRO INFO Suspicious Minimal HTTP Refresh to Googledrive.com - Possible Phishing (info.rules)
  2838362 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-09-09 (current_events.rules)
  2839092 - ETPRO CURRENT_EVENTS Successful Generic Verify Email Phish 2019-10-23 (current_events.rules)