[Emerging-Sigs] Daily Ruleset Update Summary 2019/11/28

James Emery-Callcott jcallcott at emergingthreats.net
Thu Nov 28 13:33:48 HST 2019


[***]            Summary:            [***]

  8 new Pro (0 + 8).  Gh0stCringe, Remcos, Various Android, Various Phish.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Pro:

 [+++]          Added rules:          [+++]

  2839676 - ETPRO TROJAN Observed Malicious SSL Cert (Delf.BJP CnC) (trojan.rules)
  2839677 - ETPRO TROJAN Observed Malicious SSL Cert (Delf.BJP CnC) (trojan.rules)
  2839678 - ETPRO TROJAN Observed Malicious SSL Cert (Delf.BJP CnC) (trojan.rules)
  2839679 - ETPRO TROJAN Observed Malicious SSL Cert (Delf.BJP CnC) (trojan.rules)
  2839680 - ETPRO TROJAN Observed Malicious SSL Cert (Delf.BJP CnC) (trojan.rules)
  2839681 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
  2839682 - ETPRO TROJAN Observed Malicious SSL Cert (Unk CnC - Targeted Phishing) (trojan.rules)
  2839683 - ETPRO POLICY Inbound PowerShell Querying Processor Arch (policy.rules)

[///]     Modified active rules:     [///]

  2029003 - ET TROJAN SSL/TLS Certificate Observed (Buer Loader) (trojan.rules)
  2839395 - ETPRO TROJAN Buer Loader Update Request (trojan.rules)
  2839396 - ETPRO TROJAN Buer Loader Download Request (trojan.rules)
  2839397 - ETPRO TROJAN Buer Loader Response (trojan.rules)
  2839398 - ETPRO TROJAN Buer Loader Successful Payload Download (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team