[Emerging-Sigs] Daily Ruleset Update Summary 2019/11/12

Jack Mott jmott at emergingthreats.net
Tue Nov 12 14:58:39 HST 2019


[***]            Summary:            [***]

4 new Open, 36 new Pro (4 + 32). DADJOKE/Rail Tycoon, Ursnif,
VNCStartServer, Wacatac, Various Phishing.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2009545 - ET USER_AGENTS User-Agent (_TEST_) (user_agents.rules)
  2028963 - ET TROJAN DADJOKE/Rail Tycoon Initial Macro Execution (trojan.rules)
  2028964 - ET TROJAN DADJOKE/Rail Tycoon Payload Extraction (trojan.rules)
  2028965 - ET TROJAN DADJOKE/Rail Tycoon Payload Execution (trojan.rules)

Pro:

  2839364 - ETPRO POLICY Inbound Doc Dropping Suspect Filetype (exe/dll/vbs/bat) to Persistence Registry Location (policy.rules)
  2839369 - ETPRO TROJAN Win32/Snojan Variant Uploading EXE (trojan.rules)
  2839370 - ETPRO TROJAN ELF/Mirai Variant CnC Activity (trojan.rules)
  2839372 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2839373 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2839374 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 1) (trojan.rules)
  2839375 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 2) (trojan.rules)
  2839376 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 3) (trojan.rules)
  2839377 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 4) (trojan.rules)
  2839378 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 5) (trojan.rules)
  2839379 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
  2839380 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
  2839381 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
  2839382 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
  2839383 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish 2019-11-12 (current_events.rules)
  2839384 - ETPRO CURRENT_EVENTS Successful Prima Banka Phish 2019-11-12 (current_events.rules)
  2839385 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-11-12 (current_events.rules)
  2839386 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-11-12 (current_events.rules)
  2839387 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-12 (current_events.rules)
  2839388 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2019-11-12 (current_events.rules)
  2839389 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
  2839390 - ETPRO CURRENT_EVENTS Successful Commbank Phish 2019-11-12 (current_events.rules)
  2839391 - ETPRO CURRENT_EVENTS Successful Instagram TK Phish 2019-11-12 (current_events.rules)
  2839392 - ETPRO TROJAN VNCStartServer USR Variant CnC Beacon (trojan.rules)
  2839393 - ETPRO TROJAN VNCStartServer BOT Variant CnC Beacon (trojan.rules)
  2839395 - ETPRO TROJAN Win32/Wacatac.B Variant Update Request (trojan.rules)
  2839396 - ETPRO TROJAN Win32/Wacatac.B Variant Download Request (trojan.rules)
  2839397 - ETPRO TROJAN Win32/Wacatac.B Variant Response (trojan.rules)
  2839398 - ETPRO TROJAN Win32/Wacatac.B Variant Successful Payload Download (trojan.rules)
  2839399 - ETPRO TROJAN MSIL/Gen.Downloader - CnC Checkin via MySQL (trojan.rules)
  2839400 - ETPRO TROJAN MSIL/Gen.Downloader Receiving Hex Encoded Payload List M1 (trojan.rules)
  2839401 - ETPRO TROJAN MSIL/Gen.Downloader Receiving Hex Encoded Payload List M2 (trojan.rules)

[///]     Modified active rules:     [///]

  2027325 - ET TROJAN CobaltStrike SMB P2P Default Msagent Named Pipe Interaction (trojan.rules)