[Emerging-Sigs] Daily Ruleset Update Summary 2020/01/20

James Emery-Callcott jcallcott at emergingthreats.net
Mon Jan 20 15:09:07 HST 2020


[***]            Summary:            [***]

  1 new Open, 6 new Pro (1 + 5).  Canary Tokens, MageCart, Various SSL/TLS.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029297 - ET MALWARE MageCart CnC Domain Observed in DNS Query (malware.rules)

Pro:

  2840509 - ETPRO POLICY Possible Canary Token Service Domain Observed in DNS Query (policy.rules)
  2840510 - ETPRO POLICY HTTP Request to Possible Canary Token Service (policy.rules)
  2840511 - ETPRO MALWARE Observed Malicious SSL Cert (Unk CnC) (malware.rules)
  2840512 - ETPRO MALWARE Observed Malicious SSL Cert (Unk/Xenon CnC) (malware.rules)
  2840513 - ETPRO POLICY Observed Suspicious SSL Cert (NordVPN Domain Fronting) (policy.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team