[Emerging-updates] Daily Ruleset Update Summary 2018/11/02

Travis Green tgreen at emergingthreats.net
Fri Nov 2 12:40:49 HDT 2018


[***]            Summary:            [***]

3 new Open, 20 new Pro (3 + 17). GET to Puu.sh, MSIL/Lordix Stealer,
Supreme Logger, Various Phishing, Various Mobile.


[+++]          Added rules:          [+++]

Open:

2026569 - ET INFO GET to Puu.sh for TXT File with Minimal Headers (info.rules)
2026570 - ET INFO Possibly Suspicious Request for Putty.exe from Non-Standard Download Location (info.rules)
2026571 - ET TROJAN MSIL/Lordix Stealer Exfiltrating Data (trojan.rules)

Pro:

2833422 - ETPRO TROJAN MSIL.BackNet Checkin (trojan.rules)
2833423 - ETPRO TROJAN W32.LJDox Checkin (trojan.rules)
2833424 - ETPRO TROJAN W32.Zpevdo.A Variant Checkin (trojan.rules)
2833425 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-02 1) (trojan.rules)
2833426 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-02 2) (trojan.rules)
2833427 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-02 3) (trojan.rules)
2833428 - ETPRO TROJAN Zebrocy CnC System Info/Screenshot Exfil M2 (trojan.rules)
2833429 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-11-02 (current_events.rules)
2833430 - ETPRO CURRENT_EVENTS Successful Apple ID Phish 2018-11-02 (current_events.rules)
2833431 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-11-02 (current_events.rules)
2833432 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-11-02 (current_events.rules)
2833433 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-11-02 (current_events.rules)
2833434 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-11-02 (current_events.rules)
2833435 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-11-02 (current_events.rules)
2833436 - ETPRO TROJAN Supreme Logger - Client Information Check-In (trojan.rules)
2833437 - ETPRO TROJAN Supreme Logger - CnC Command Output (trojan.rules)
2833438 - ETPRO TROJAN Unknown Coinstealer CnC Activity (trojan.rules)


[///]     Modified active rules:     [///]

2810276 - ETPRO TROJAN Azorult CnC Beacon (trojan.rules)
2833411 - ETPRO TROJAN MSIL/Lordix Stealer Communicating with CnC M1 (trojan.rules)


-- 
PGP: 0xBED7B297

