[Emerging-Sigs] Daily Ruleset Update Summary 2019/10/10

Brandon Murphy bmurphy at emergingthreats.net
Thu Oct 10 14:57:39 HDT 2019


[***]            Summary:            [***]

  4 new Open, 30 new Pro (4 + 26). Ursnif, More_eggs,
Android/FakePlayer.AU, Win32/MrFireman Keylogger, Various Phishing.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028662 - ET TROJAN CASHY200 CnC Domain in DNS Lookup (trojan.rules)
  2028663 - ET TROJAN CASHY200 CnC Domain in DNS Lookup (trojan.rules)
  2028664 - ET TROJAN CASHY200 CnC Domain in DNS Lookup (trojan.rules)
  2028665 - ET TROJAN CASHY200 CnC Domain in DNS Lookup (trojan.rules)

Pro:

  2838855 - ETPRO MOBILE_MALWARE Android/FakePlayer.AU Checkin (mobile_malware.rules)
  2838856 - ETPRO MOBILE_MALWARE Android/AdDisplay.Kuguo.H Reporting Location (mobile_malware.rules)
  2838857 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload 2019-10-09 (current_events.rules)
  2838858 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload 2019-10-10 (current_events.rules)
  2838859 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838860 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
  2838861 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838862 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838863 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
  2838864 - ETPRO TROJAN KrugBOT CnC Checkin (trojan.rules)
  2838865 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-10-10 (current_events.rules)
  2838866 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-10-10 (current_events.rules)
  2838867 - ETPRO CURRENT_EVENTS Successful Generic XBALTI Phish (current_events.rules)
  2838868 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-10-10 (current_events.rules)
  2838869 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-10-10 (current_events.rules)
  2838870 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-10-10 (current_events.rules)
  2838871 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish 2019-10-10 (current_events.rules)
  2838872 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish 2019-10-10 (current_events.rules)
  2838873 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-10-10 (current_events.rules)
  2838874 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-10 (current_events.rules)
  2838875 - ETPRO CURRENT_EVENTS Successful Luno Cryptocurrency Phish 2019-10-10 (current_events.rules)
  2838876 - ETPRO CURRENT_EVENTS Successful Google Account Phish 2019-10-10 (current_events.rules)
  2838877 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-10 1) (trojan.rules)
  2838878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-10 2) (trojan.rules)
  2838879 - ETPRO TROJAN Possible Quassar RAT Server Response via WebSocket (trojan.rules)
  2838880 - ETPRO TROJAN Win32/MrFireman Keylogger SMTP Exfil (trojan.rules)


[///]     Modified active rules:     [///]

  2014288 - ET TROJAN Java Archive sent when remote host claims to send an image (trojan.rules)
  2018635 - ET TROJAN Common Upatre Header Structure 2 (trojan.rules)
  2831962 - ETPRO TROJAN Ursnif Variant CnC Beacon 8 M1 (trojan.rules)
  2831963 - ETPRO TROJAN Ursnif Variant CnC Beacon 8 M2 (trojan.rules)
  2837233 - ETPRO TROJAN Possible Unk JSP WebShell Access M4 (trojan.rules)


[---]         Removed rules:         [---]

  2022480 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (trojan.rules)