[Emerging-Sigs] Daily Ruleset Update Summary 2019/10/23

James Emery-Callcott jcallcott at emergingthreats.net
Wed Oct 23 14:42:46 HDT 2019


[***]            Summary:            [***]

  1 new Open, 32 new Pro (1 + 31).  Remcos, Ave Maria, Various SSL/TLS,
Various Phish.

  We have a blog up now outlining the new Suricata 5.0 ruleset information
as well as information regarding our upcoming plans to EOL rule support for
Suricata 2.0/3.0 Rulesets.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028895 - ET WEB_SERVER Possible PHP Remote Code Execution CVE-2019-11043
PoC (Inbound) (web_server.rules)

Pro:

  2839072 - ETPRO TROJAN Win32/Bancteian.A Variant CnC Activity
(trojan.rules)
  2839080 - ETPRO MALWARE Win32/Adload.B!MSR Install Checkin (malware.rules)
  2839081 - ETPRO POLICY External IP Lookup - myip ipip .net  (policy.rules)
  2839082 - ETPRO TROJAN Orion Logger Exfil via SMTP (trojan.rules)
  2839083 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2839084 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2839085 - ETPRO TROJAN Observed Malicious SSL Cert (SONE CnC)
(trojan.rules)
  2839086 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2839087 - ETPRO TROJAN Ave Maria RAT Encrypted CnC KeepAlive Inbound (2)
(trojan.rules)
  2839088 - ETPRO TROJAN Ave Maria RAT Encrypted CnC KeepAlive Outbound (2)
(trojan.rules)
  2839089 - ETPRO TROJAN Ave Maria RAT Encrypted CnC Checkin (2)
(trojan.rules)
  2839090 - ETPRO TROJAN Observed Malicious SSL Certificate (IcedID CnC)
(trojan.rules)
  2839091 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-23 (current_events.rules)
  2839092 - ETPRO CURRENT_EVENTS Successful Generic Verify Email Phish
2019-10-23 (current_events.rules)
  2839093 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-10-23
(current_events.rules)
  2839094 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-10-23
(current_events.rules)
  2839095 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-23
(current_events.rules)
  2839096 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2019-10-23
(current_events.rules)
  2839097 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2019-10-23
(current_events.rules)
  2839098 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2019-10-23
(current_events.rules)
  2839099 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-10-23
(current_events.rules)
  2839100 - ETPRO CURRENT_EVENTS Successful Aruba IT Phish 2019-10-23
(current_events.rules)
  2839101 - ETPRO CURRENT_EVENTS Successful MWeb Webmail Phish 2019-10-23
(current_events.rules)
  2839102 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-10-23 (current_events.rules)
  2839103 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-10-23
(current_events.rules)
  2839104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-23 1) (trojan.rules)
  2839105 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-23 2) (trojan.rules)
  2839106 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-23 3) (trojan.rules)
  2839107 - ETPRO TROJAN Win32/Phoenix Keylogger - Telegram Exfiltration
(trojan.rules)
  2839108 - ETPRO TROJAN Win32/Remcos RAT Checkin 225 (trojan.rules)
  2839109 - ETPRO TROJAN Win32/Remcos RAT Checkin 226 (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team