[Emerging-Sigs] Daily Ruleset Update Summary 2019/10/24

James Emery-Callcott jcallcott at emergingthreats.net
Thu Oct 24 14:39:57 HDT 2019


[***]            Summary:            [***]

  9 new Open, 23 new Pro (9 + 14).  Remcos, Win32/Orion, Various SSL/TLS,
Various Phish.

  Thanks James Lay (@james_inthe_box).

  We have a blog up now outlining the new Suricata 5.0 ruleset information
as well as information regarding our upcoming plans to EOL rule support for
Suricata 2.0/3.0 Rulesets.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028896 - ET TROJAN Observed Win32/Orion Logger SMTP Exfil Subject Line (trojan.rules)
  2028897 - ET TROJAN Win32/Orion Logger SMTP Base64 Exfil (trojan.rules)
  2028898 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
  2028899 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
  2028900 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
  2028901 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
  2028902 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
  2028903 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
  2028904 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)

Pro:

  2839110 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.p CnC Beacon (mobile_malware.rules)
  2839111 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.acl Checkin (mobile_malware.rules)
  2839112 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2839113 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2839114 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2839115 - ETPRO CURRENT_EVENTS Successful Naver Phish 2019-10-24 (current_events.rules)
  2839116 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-24 (current_events.rules)
  2839117 - ETPRO CURRENT_EVENTS Successful Softbank JP Phish 2019-10-24 (current_events.rules)
  2839118 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-24 (current_events.rules)
  2839119 - ETPRO TROJAN Win32/Spy.Socelars.S CnC Activity M1 (trojan.rules)
  2839120 - ETPRO TROJAN Win32/Spy.Socelars.S CnC Activity M2 (trojan.rules)
  2839121 - ETPRO MALWARE VKontakteDJ PUP Activity M2 (malware.rules)
  2839122 - ETPRO MALWARE VKontakteDJ PUP Activity M3 (malware.rules)
  2839123 - ETPRO TROJAN Win32/Remcos RAT Checkin 227 (trojan.rules)

[///]     Modified active rules:     [///]

  2022977 - ET TROJAN Cknife Shell Command Struct Inbound (aspx) (trojan.rules)
  2023035 - ET TROJAN Linux/Lady CnC Beacon 2 (trojan.rules)
  2027364 - ET TROJAN BlackTech Plead Encrypted Payload Inbound (trojan.rules)
  2028883 - ET TROJAN APT 41 LOWKEY Backdoor - Ping Command Inbound (trojan.rules)
  2816369 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.AW Checkin (mobile_malware.rules)
  2822031 - ETPRO TROJAN Win32.Unknown Updateinfo Command (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team