[Emerging-Sigs] Daily Ruleset Update Summary 2019/10/28

James Emery-Callcott jcallcott at emergingthreats.net
Mon Oct 28 13:56:58 HDT 2019


[***]            Summary:            [***]

  6 new Open, 22 new Pro (6 + 16).  Remcos, AZORult, BadPatch, Various Phish.

  We have a blog up now outlining the new Suricata 5.0 ruleset information
as well as information regarding our upcoming plans to EOL rule support for
Suricata 2.0/3.0 Rulesets.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028912 - ET USER_AGENTS Observed Suspicious UA (Client) (user_agents.rules)
  2028913 - ET TROJAN BadPatch CnC Activity (trojan.rules)
  2028914 - ET POLICY TOR Consensus Data Requested (policy.rules)
  2028915 - ET TROJAN Instagram Like Bot (like4u) CnC Activity M1 (trojan.rules)
  2028916 - ET TROJAN Instagram Like Bot (like4u) CnC Activity M2 (trojan.rules)
  2028917 - ET TROJAN Instagram Like Bot (like4u) CnC Domain in DNS Lookup (trojan.rules)

Pro:

  2839128 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-25 1) (trojan.rules)
  2839129 - ETPRO CURRENT_EVENTS Successful Citibank Loan Phish 2019-10-28 (current_events.rules)
  2839130 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-28 (current_events.rules)
  2839131 - ETPRO CURRENT_EVENTS Successful Generic Email Account Update Phish 2019-10-28 (current_events.rules)
  2839132 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-10-28 (current_events.rules)
  2839133 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M6 (trojan.rules)
  2839134 - ETPRO USER_AGENTS Win32/Presenoker UA Observed (user_agents.rules)
  2839135 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
  2839136 - ETPRO TROJAN Zeropadypt/Limbo/Ouroboros Ransomware CnC Checkin M2 (trojan.rules)
  2839137 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-28 (trojan.rules)
  2839138 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-22 (trojan.rules)
  2839139 - ETPRO TROJAN Win32/Remcos RAT Checkin 229 (trojan.rules)
  2839140 - ETPRO TROJAN Win32/Remcos RAT Checkin 230 (trojan.rules)
  2839141 - ETPRO TROJAN Win32/Remcos RAT Checkin 231 (trojan.rules)
  2839142 - ETPRO TROJAN Win32/Remcos RAT Checkin 232 (trojan.rules)
  2839143 - ETPRO TROJAN Win32/Remcos RAT Checkin 233 (trojan.rules)

[///]     Modified active rules:     [///]

  2838020 - ETPRO TROJAN Zeropadypt/Limbo/Ouroboros Ransomware CnC Checkin (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team