[Emerging-Sigs] Daily Ruleset Update Summary 2019/11/19

James Emery-Callcott jcallcott at emergingthreats.net
Tue Nov 19 14:23:45 HST 2019


[***]            Summary:            [***]

  3 new Open, 38 new Pro (3 + 35).  Ursnif, DonotGroup, Mirai, Various Phish.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029002 - ET TROJAN Win32/Agent Tesla SMTP Clipboard Exfil (trojan.rules)
  2029003 - ET TROJAN SSL/TLS Certificate Observed (Wacatac.B) (trojan.rules)
  2029004 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)

Pro:

  2839488 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-11-19) (current_events.rules)
  2839489 - ETPRO TROJAN ELF/Gafygt Variant CnC Server Response (trojan.rules)
  2839490 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin M1 (trojan.rules)
  2839491 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin M2 (trojan.rules)
  2839492 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin M3 (trojan.rules)
  2839493 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2839494 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2839495 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
  2839496 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 1) (trojan.rules)
  2839497 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 2) (trojan.rules)
  2839498 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 3) (trojan.rules)
  2839499 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 4) (trojan.rules)
  2839500 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 5) (trojan.rules)
  2839501 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 6) (trojan.rules)
  2839502 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 7) (trojan.rules)
  2839503 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 8) (trojan.rules)
  2839504 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 9) (trojan.rules)
  2839505 - ETPRO CURRENT_EVENTS Successful Microsoft Onedrive Phish 2019-11-19 (current_events.rules)
  2839506 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-11-19 (current_events.rules)
  2839507 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-11-19 (current_events.rules)
  2839508 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-11-19 (current_events.rules)
  2839509 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish 2019-11-19 (current_events.rules)
  2839510 - ETPRO CURRENT_EVENTS Successful Generic Account Update Phish 2019-11-19 (current_events.rules)
  2839511 - ETPRO CURRENT_EVENTS Successful Outlook Web Access Phish 2019-11-19 (current_events.rules)
  2839512 - ETPRO CURRENT_EVENTS Successful Charles Schwab Phish 2019-11-19 (current_events.rules)
  2839513 - ETPRO TROJAN Win32/Erjan Loader CnC Activity (trojan.rules)
  2839514 - ETPRO TROJAN W32/Kanatara CnC Activity (trojan.rules)
  2839515 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
  2839516 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
  2839517 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
  2839518 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
  2839519 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
  2839520 - ETPRO TROJAN DonotGroup YTY 2.0 URI Observed (trojan.rules)
  2839521 - ETPRO TROJAN DonotGroup YTY 2.0 CnC Checkin (trojan.rules)
  2839522 - ETPRO TROJAN Win32/Remcos RAT Checkin 253 (trojan.rules)

[///]     Modified active rules:     [///]

  2839453 - ETPRO TROJAN Mirai Variant Exploit Scanner User-Agent (Outbound) (trojan.rules)
  2839471 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
  2839473 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team