[Emerging-Sigs] Daily Ruleset Update Summary 2020/03/27

Brandon Murphy bmurphy at emergingthreats.net
Fri Mar 27 14:25:17 HDT 2020


[***]            Summary:            [***]

3 new Open, 17 new Pro (3 + 14). Win32/PCAcceleratorPro, Win32/Remcos,
Various User-Agents, VARIOUS PHISHING.

Suricata 2/3 Support from Emerging Threats will become End-Of-Life on
April 15th, 2020.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html


[+++]          Added rules:          [+++]

Open:

  2029748 - ET USER_AGENTS Observed Suspicious UA (xPCAP) (user_agents.rules)
  2029749 - ET USER_AGENTS Suspicious User Agent (explorersvc) (user_agents.rules)
  2029750 - ET USER_AGENTS Suspicious User Agent (KtulhuBrowser) (user_agents.rules)

Pro:

  2841734 - ETPRO INFO Observed Suspicious Reversed String Inbound (schtasks /create) (info.rules)
  2841735 - ETPRO MALWARE Win32/PCAcceleratorPro Activity (malware.rules)
  2841736 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-26 1) (trojan.rules)
  2841737 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-26 2) (trojan.rules)
  2841738 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2020-03-27 (current_events.rules)
  2841739 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-03-27 (current_events.rules)
  2841740 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-03-27 (current_events.rules)
  2841741 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-03-27 (current_events.rules)
  2841742 - ETPRO CURRENT_EVENTS Successful Generic Webmail Validation Phish 2020-03-27 (current_events.rules)
  2841743 - ETPRO TROJAN Trojan.Win32.Wecod.izpu CnC actiivty (trojan.rules)
  2841744 - ETPRO TROJAN Win32/Trojan.Click1.27351 Checkin (trojan.rules)
  2841745 - ETPRO TROJAN Win32/Remcos RAT Checkin 376 (trojan.rules)
  2841746 - ETPRO TROJAN Win32/Remcos RAT Checkin 377 (trojan.rules)
  2841747 - ETPRO TROJAN Win32/Remcos RAT Checkin 378 (trojan.rules)