[Emerging-Sigs] Daily Ruleset Update Summary 2019/11/14

Jack Mott jmott at emergingthreats.net
Thu Nov 14 14:40:26 HST 2019


[***]            Summary:            [***]

13 new Open, 30 new Pro (13 + 17). PurpleFox EK, MomentumBot,
CopperStealer, Remcos, CoinMiners, Various Phishing.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028970 - ET WEB_CLIENT Tech Support Scam 2019-11-14 (web_client.rules)
  2028971 - ET WEB_CLIENT Tech Support Scam 2019-11-14 (web_client.rules)
  2028972 - ET CURRENT_EVENTS Possible PurpleFox/RIG EK Flash Request M1 (current_events.rules)
  2028973 - ET CURRENT_EVENTS Possible PurpleFox/RIG EK Flash Request M2 (current_events.rules)
  2028974 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Landing (current_events.rules)
  2028975 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Landing - Various Exploits (current_events.rules)
  2028976 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload (current_events.rules)
  2028977 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Flash HEAD Request (current_events.rules)
  2028978 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Flash GET Request (current_events.rules)
  2028979 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI Struct Landing Request (current_events.rules)
  2028980 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI Struct Flash Request (current_events.rules)
  2028981 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload (current_events.rules)
  2028982 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload (current_events.rules)

Pro:

  2839421 - ETPRO TROJAN ELF/MomentumBot IRC Checkin (trojan.rules)
  2839422 - ETPRO TROJAN Win32/CopperStealer CnC Activity (trojan.rules)
  2839423 - ETPRO CURRENT_EVENTS PurpleFox EK Framework Certificate Observed (current_events.rules)
  2839424 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-13 1) (trojan.rules)
  2839425 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-13 2) (trojan.rules)
  2839426 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-13 3) (trojan.rules)
  2839427 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-11-14 (current_events.rules)
  2839428 - ETPRO CURRENT_EVENTS Successful University of Iowa Phish 2019-11-14 (current_events.rules)
  2839429 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-14 (current_events.rules)
  2839430 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-14 (current_events.rules)
  2839431 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-11-14 (current_events.rules)
  2839432 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-11-14 (current_events.rules)
  2839433 - ETPRO CURRENT_EVENTS Successful QNB Finansbank Phish 2019-11-14 (current_events.rules)
  2839434 - ETPRO CURRENT_EVENTS Successful Skype Phish 2019-11-14 (current_events.rules)
  2839435 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
  2839436 - ETPRO TROJAN Win32/Remcos RAT Checkin 247 (trojan.rules)
  2839437 - ETPRO TROJAN Win32/Remcos RAT Checkin 248 (trojan.rules)

[///]     Modified active rules:     [///]

  2832226 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.BK CnC Beacon (mobile_malware.rules)