[Emerging-updates] Daily Ruleset Update Summary 2017/11/20

Travis Green tgreen at emergingthreats.net
Mon Nov 20 14:20:45 EST 2017


[***]            Summary:            [***]

2 new Open, 14 new Pro (2 + 12). GootKit, MSIL/Agent.NJ RAT, Various
Phishing.

[+++]          Added rules:          [+++]

Open:

 2023137 - ET CURRENT_EVENTS Possible Successful Phish to .tk domain Aug 26 2016 (current_events.rules)
 2025013 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 20 2017 (current_events.rules)

Pro:

 2828652 - ETPRO MALWARE LabTechAgent PUA CnC Checkin (malware.rules)
 2828653 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 8 (trojan.rules)
 2828654 - ETPRO TROJAN Malicious SSL certificate detected (TrickBot C2) (trojan.rules)
 2828655 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 20 2017 (current_events.rules)
 2828656 - ETPRO CURRENT_EVENTS Microsoft Live Account Verification Phishing Landing Nov 20 2017 (current_events.rules)
 2828657 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 20 2017 (current_events.rules)
 2828658 - ETPRO TROJAN MSIL/Agent.NJ RAT CnC Checkin (trojan.rules)
 2828659 - ETPRO TROJAN MSIL/Agent.NJ RAT EXE Payload Inbound (trojan.rules)
 2828661 - ETPRO TROJAN Gootkit Domain (sslsecure256 .com in DNS Lookup) (trojan.rules)
 2828662 - ETPRO TROJAN Gootkit Domain (ssl256cert .com in DNS Lookup) (trojan.rules)
 2828663 - ETPRO TROJAN Gootkit Domain (sslsecure256 .com in SNI) (trojan.rules)
 2828664 - ETPRO TROJAN Gootkit Domain (ssl256cert .com in SNI) (trojan.rules)


[///]     Modified active rules:     [///]

 2018784 - ET TROJAN Win32/Neurevt.A/Betabot Check-in 4 (trojan.rules)
 2019158 - ET TROJAN Possible Malicious Invoice EXE (trojan.rules)
 2024998 - ET CURRENT_EVENTS Successful Generic AES Phish M2 Oct 24 2017 (current_events.rules)
 2808793 - ETPRO TROJAN Win32.Androm.cxb Requesting PE (trojan.rules)
 2826043 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Apr 20 2017 (current_events.rules)


[---]         Removed rules:         [---]

 2023137 - ET INFO Suspicious POST to .tk domain with Password (info.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>