[Emerging-Sigs] Daily Ruleset Update Summary 2019/11/27

Jason Williams jwilliams at emergingthreats.net
Wed Nov 27 13:00:16 HST 2019


[***]            Summary:            [***]

  18 new Open, 40 new Pro (18 + 22).  Emotet, Legion Loader, Magecart,
Various Phish.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2029059 - ET TROJAN Win32/Emotet CnC Activity (POST) M5 (trojan.rules)
  2029060 - ET TROJAN Win32/Emotet CnC Activity (POST) M6 (trojan.rules)
  2029061 - ET TROJAN Legion Loader Activity Observed (Mylegion666) (trojan.rules)
  2029062 - ET TROJAN Legion Loader Activity Observed (YourUserAgent) (trojan.rules)
  2029063 - ET TROJAN Legion Loader Activity Observed (salmonella-symptome) (trojan.rules)
  2029064 - ET TROJAN Legion Loader Activity Observed (suspira) (trojan.rules)
  2029065 - ET TROJAN Legion Loader Activity Observed (lilith) (trojan.rules)
  2029066 - ET TROJAN Legion Loader Activity Observed (legion) (trojan.rules)
  2029067 - ET TROJAN Legion Loader Activity Observed (the devil) (trojan.rules)
  2029068 - ET TROJAN Legion Loader Activity Observed (trojan.rules)
  2029069 - ET TROJAN Legion Loader Activity Observed (Amen) (trojan.rules)
  2029070 - ET TROJAN Legion Loader Activity Observed (satan) (trojan.rules)
  2029071 - ET TROJAN Legion Loader Activity Observed (neva-project) (trojan.rules)
  2029072 - ET TROJAN SSL/TLS Certificate Observed (Magecart) (trojan.rules)
  2029073 - ET WEB_CLIENT Possible Magecart Credit Card Information JS Script (web_client.rules)
  2029074 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
  2029075 - ET MALWARE Win32/Adware.Bang5mai.BB CnC Activity M1 (malware.rules)
  2029076 - ET MALWARE Win32/Adware.Bang5mai.BB CnC Activity M2 (malware.rules)

 Pro:

  2839654 - ETPRO MOBILE_MALWARE Android/Agent.BNX Checkin (mobile_malware.rules)
  2839655 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2839656 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-11-27) (current_events.rules)
  2839657 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-26 1) (trojan.rules)
  2839658 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-26 2) (trojan.rules)
  2839659 - ETPRO CURRENT_EVENTS Successful Minha BV Phish 2019-11-27 (current_events.rules)
  2839660 - ETPRO CURRENT_EVENTS Successful Minha BV Phish 2019-11-27 (current_events.rules)
  2839661 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-11-27 (current_events.rules)
  2839662 - ETPRO CURRENT_EVENTS Successful Microsoft OneCall Phish 2019-11-27 (current_events.rules)
  2839663 - ETPRO CURRENT_EVENTS Successful 1&1 Hosting Phish 2019-11-27 (current_events.rules)
  2839664 - ETPRO CURRENT_EVENTS Successful State Employees Credit Union Phish 2019-11-27 (current_events.rules)
  2839665 - ETPRO CURRENT_EVENTS Successful Generic Session Expired Phish 2019-11-27 (current_events.rules)
  2839666 - ETPRO TROJAN Win32/Chapak Payload Request (trojan.rules)
  2839667 - ETPRO TROJAN Win32/Chapak Initial Response (trojan.rules)
  2839668 - ETPRO TROJAN Win32/Chapak Payload Downloaded (trojan.rules)
  2839669 - ETPRO TROJAN HorseHours Powershell Request (trojan.rules)
  2839670 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2839671 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
  2839672 - ETPRO TROJAN JS/Agent.AP CnC Activity - Sending Knock (trojan.rules)
  2839673 - ETPRO TROJAN Win32/Remcos RAT Checkin 264 (trojan.rules)
  2839674 - ETPRO TROJAN Win32/Remcos RAT Checkin 265 (trojan.rules)
  2839675 - ETPRO TROJAN Win32/Remcos RAT Checkin 266 (trojan.rules)

 [///]     Modified active rules:     [///]

  2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
  2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)