[Emerging-Sigs] Daily Ruleset Update Summary 2019/11/15

Jack Mott jmott at emergingthreats.net
Fri Nov 15 14:01:29 HST 2019


[***]            Summary:            [***]

6 new Open, 37 new Pro (6 + 31). Fallout EK, Win32/1xxbot, Various Mirai,
Remcos, CoinMiners, Various Phishing.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028983 - ET USER_AGENTS Observed Suspicious UA (system_file/2.0) (user_agents.rules)
  2028984 - ET TROJAN Win32/1xxbot CnC Checkin (trojan.rules)
  2028985 - ET CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-11-15) (current_events.rules)
  2028986 - ET TROJAN Observed Malicious SSL Cert (Sidewinder APT CnC) (trojan.rules)
  2028987 - ET TROJAN Observed CobInt CnC Domain in TLS SNI (trojan.rules)
  2028988 - ET TROJAN Observed CobInt CnC Domain in TLS SNI (trojan.rules)

Pro:

  2839362 - ETPRO INFO Inbound Doc Containing WScript Shell (info.rules)
  2839363 - ETPRO INFO Inbound Doc Containing WScript Network (info.rules)
  2839365 - ETPRO INFO Inbound Doc Containing OS Shutdown Functionality (info.rules)
  2839438 - ETPRO MOBILE_MALWARE Trojan.Ewind.Android.19 Checkin (mobile_malware.rules)
  2839439 - ETPRO TROJAN Observed Mirai Variant UA (system_file/2.0) (trojan.rules)
  2839440 - ETPRO TROJAN Observed DNS Query for MalDoc Payload Domain 2019-11-15 (trojan.rules)
  2839441 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Domain (trojan.rules)
  2839442 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Sub Domain (trojan.rules)
  2839443 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Sub Domain (trojan.rules)
  2839444 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Sub Domain (trojan.rules)
  2839445 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Sub Domain (trojan.rules)
  2839446 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Domain (trojan.rules)
  2839447 - ETPRO TROJAN SSL/TLS Certificate Observed (Fallout EK) (trojan.rules)
  2839448 - ETPRO CURRENT_EVENTS Fallout EK JS Landing (current_events.rules)
  2839449 - ETPRO CURRENT_EVENTS Fallout EK Adobe Flash JS (current_events.rules)
  2839450 - ETPRO CURRENT_EVENTS Fallout EK Powershell (current_events.rules)
  2839451 - ETPRO CURRENT_EVENTS Fallout EK Payload (current_events.rules)
  2839452 - ETPRO CURRENT_EVENTS Spelevo EK Landing 2019-11-15 (current_events.rules)
  2839453 - ETPRO MALWARE Mirai Variant Exploit Scanner User-Agent (malware.rules)
  2839454 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-14 1) (trojan.rules)
  2839455 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-14 2) (trojan.rules)
  2839456 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-14 3) (trojan.rules)
  2839457 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-15 (current_events.rules)
  2839458 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-11-15 (current_events.rules)
  2839459 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15 (current_events.rules)
  2839460 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15 (current_events.rules)
  2839461 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15 (current_events.rules)
  2839462 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2019-11-15 (current_events.rules)
  2839463 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-11-15 (current_events.rules)
  2839464 - ETPRO CURRENT_EVENTS Successful Update Personal Information Phish 2019-11-15 (current_events.rules)
  2839465 - ETPRO TROJAN Win32/Remcos RAT Checkin 249 (trojan.rules)

[///]     Modified active rules:     [///]

  2028865 - ET CURRENT_EVENTS Spelevo VBS Payload Downloaded (current_events.rules)
  2028866 - ET CURRENT_EVENTS Spelevo Download Payload Landing (current_events.rules)
  2838994 - ETPRO CURRENT_EVENTS Spelevo VBS Cookie (current_events.rules)

[---]         Removed rules:         [---]

  2837900 - ETPRO MOBILE_MALWARE Android Spy MoqHao CnC Beacon (mobile_malware.rules)