[Emerging-Sigs] Daily Ruleset Update Summary 2019/10/01

Jason Williams jwilliams at emergingthreats.net
Tue Oct 1 14:32:46 HDT 2019


[***]            Summary:            [***]

  5 new Open, 41 new Pro (5 + 36).  DNSChanger, Presenoker, Various
Android, Coinminers, Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2028637 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
  2028638 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
  2028639 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
  2028640 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
  2028641 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)

 Pro:

  2838540 - ETPRO TROJAN Win32/Presenoker UA Observed (trojan.rules)
  2838651 - ETPRO TROJAN Win32/Presenoker UA Observed (trojan.rules)
  2838652 - ETPRO TROJAN Win32/Presenoker UA Observed (trojan.rules)
  2838667 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.FakeDep.a Checkin (mobile_malware.rules)
  2838668 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 4 (mobile_malware.rules)
  2838669 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 5 (mobile_malware.rules)
  2838670 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 6 (mobile_malware.rules)
  2838671 - ETPRO MOBILE_MALWARE AndroidOS/Skymobi.B CnC Beacon (mobile_malware.rules)
  2838672 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 7 (mobile_malware.rules)
  2838673 - ETPRO MOBILE_MALWARE Android/FakePlayer.AT CnC Beacon (mobile_malware.rules)
  2838674 - ETPRO MOBILE_MALWARE Android/FakePlayer.AT CnC Beacon 2 (mobile_malware.rules)
  2838675 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Dowgin.a Checkin 2 (mobile_malware.rules)
  2838676 - ETPRO MOBILE_MALWARE Android Monitor KgTracker Reporting Location (mobile_malware.rules)
  2838677 - ETPRO MOBILE_MALWARE Android-Trojan/Gobo.4926 Checkin (mobile_malware.rules)
  2838678 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2838679 - ETPRO CURRENT_EVENTS Successful Airbnb Phish 2019-10-01 (current_events.rules)
  2838680 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-10-01 (current_events.rules)
  2838681 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 1) (trojan.rules)
  2838682 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 2) (trojan.rules)
  2838683 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 3) (trojan.rules)
  2838684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 4) (trojan.rules)
  2838685 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 5) (trojan.rules)
  2838686 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 6) (trojan.rules)
  2838687 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 7) (trojan.rules)
  2838688 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 8) (trojan.rules)
  2838689 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 9) (trojan.rules)
  2838690 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 10) (trojan.rules)
  2838691 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 11) (trojan.rules)
  2838692 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 12) (trojan.rules)
  2838693 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 13) (trojan.rules)
  2838694 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 14) (trojan.rules)
  2838695 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 15) (trojan.rules)
  2838696 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 16) (trojan.rules)
  2838697 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-30 17) (trojan.rules)
  2838698 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-01 (current_events.rules)
  2838699 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-01 (current_events.rules)

 [///]     Modified active rules:     [///]

  2028636 - ET EXPLOIT Possible EXIM DoS (CVE-2019-16928) (exploit.rules)
  2836370 - ETPRO TROJAN MSIL/Spy.Agent.BXY Variant CnC Checkin (trojan.rules)

 [---]         Removed rules:         [---]

  2838121 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.af CnC Beacon (mobile_malware.rules)
  2838540 - ETPRO USER_AGENTS Win32/Presenoker UA Observed (user_agents.rules)
  2838651 - ETPRO USER_AGENTS Win32/Presenoker UA Observed (user_agents.rules)
  2838652 - ETPRO USER_AGENTS Win32/Presenoker UA Observed (user_agents.rules)