[Emerging-Sigs] Daily Ruleset Update Summary 2019/11/13

Jack Mott jmott at emergingthreats.net
Wed Nov 13 13:57:44 HST 2019


[***]            Summary:            [***]

4 new Open, 24 new Pro (4 + 20). AnteFrigus, Gamaredon, Remcos, CoinMiners,
Various Phishing.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028966 - ET TROJAN Win32/AnteFrigus Ransomware Activity (trojan.rules)
  2028967 - ET TROJAN Possible Gamaredon HEAD Request for .dot file on ddns.net (trojan.rules)
  2028968 - ET TROJAN Observed Malicious SSL Cert (Possible APT33 CnC) (trojan.rules)
  2028969 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)

Pro:

  2839402 - ETPRO TROJAN Observed DNS Query to Get2 Domain (trojan.rules)
  2839403 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-13 (current_events.rules)
  2839404 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-12 1) (trojan.rules)
  2839405 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-12 2) (trojan.rules)
  2839406 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-11-13 (current_events.rules)
  2839407 - ETPRO CURRENT_EVENTS Successful VDK Bank Phish 2019-11-13 (current_events.rules)
  2839408 - ETPRO CURRENT_EVENTS Successful Generic Administrator Login Phish 2019-11-13 (current_events.rules)
  2839409 - ETPRO CURRENT_EVENTS Successful Trademe NZ Phish 2019-11-13 (current_events.rules)
  2839410 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-11-13 (current_events.rules)
  2839411 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-11-13 (current_events.rules)
  2839412 - ETPRO CURRENT_EVENTS Successful Apple ID Phish 2019-11-13 (current_events.rules)
  2839413 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-11-13 (current_events.rules)
  2839414 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-11-13 (current_events.rules)
  2839415 - ETPRO CURRENT_EVENTS Successful Hawaii National Bank Phish 2019-11-13 (current_events.rules)
  2839416 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-13 (current_events.rules)
  2839417 - ETPRO CURRENT_EVENTS Successful Spark Phish 2019-11-13 (current_events.rules)
  2839418 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-13 (current_events.rules)
  2839419 - ETPRO TROJAN Win32/Remcos RAT Checkin 245 (trojan.rules)
  2839420 - ETPRO TROJAN Win32/Remcos RAT Checkin 246 (trojan.rules)

[///]     Modified active rules:     [///]

  2003555 - ET TROJAN Bandook v1.35 Initial Connection and Report (trojan.rules)