[Emerging-updates] Daily Ruleset Update Summary 2018/07/03

Travis Green tgreen at emergingthreats.net
Tue Jul 3 13:39:02 HDT 2018


[***]            Summary:            [***]

4 new Open, 27 new Pro (4 + 23). Win32/SpyAgent.Raptor, Cobalt Strike
Beacon, Various Nagios.

Thanks: @AttackDetection, @eSentire

[+++]          Added rules:          [+++]

Open:

 2025633 - ET TROJAN [PTsecurity] Win32/SpyAgent.Raptor (realtime-spy) CnC activity 1 (trojan.rules)
 2025634 - ET TROJAN [PTsecurity] Win32/SpyAgent.Raptor (realtime-spy) CnC activity 2 (trojan.rules)
 2025635 - ET TROJAN [eSentire] Cobalt Strike Beacon (trojan.rules)
 2025636 - ET TROJAN Cobalt Strike Exfiltration (trojan.rules)

Pro:

 2831518 - ETPRO EXPLOIT Nagios XI SQL Injection (exploit.rules)
 2831519 - ETPRO EXPLOIT Nagios XI Remote Code Execution (exploit.rules)
 2831520 - ETPRO EXPLOIT Nagios XI Remote Code Execution 2 (exploit.rules)
 2831521 - ETPRO EXPLOIT Nagios XI SQL Injection 2 (exploit.rules)
 2831522 - ETPRO EXPLOIT Nagios XI Remote Code Execution 3 (exploit.rules)
 2831523 - ETPRO EXPLOIT Nagios XI Set DB User Root (exploit.rules)
 2831524 - ETPRO EXPLOIT Nagios XI Adding Administrative User (exploit.rules)
 2831525 - ETPRO TROJAN W32.Unk.Stealer Checkin M1 (trojan.rules)
 2831526 - ETPRO TROJAN W32.Unk.Stealer Checkin M2 (trojan.rules)
 2831527 - ETPRO EXPLOIT FTPShell client Stack Buffer Overflow (exploit.rules)
 2831528 - ETPRO SCAN ntop-ng Authentication Bypass via Session ID Guessing (scan.rules)
 2831529 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-07-03 Domain (windowsexec .s3 .amazonaws .com in TLS SNI) (current_events.rules)
 2831530 - ETPRO EXPLOIT Possible ModSecurity 3.0.0 Cross-Site Scripting (exploit.rules)
 2831531 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 1) (trojan.rules)
 2831532 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 2) (trojan.rules)
 2831533 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 3) (trojan.rules)
 2831534 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 4) (trojan.rules)
 2831535 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 5) (trojan.rules)
 2831536 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 6) (trojan.rules)
 2831537 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 7) (trojan.rules)
 2831538 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 8) (trojan.rules)
 2831539 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 9) (trojan.rules)
 2831540 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 10) (trojan.rules)


[///]     Modified active rules:     [///]

 2831460 - ETPRO TROJAN Win32/RovnixLoader CnC Checkin 1 (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>