[Emerging-updates] Daily Ruleset Update Summary 2018/11/08

Travis Green tgreen at emergingthreats.net
Thu Nov 8 16:08:16 HST 2018


[***]            Summary:            [***]

19 new Pro. MSIL/JasRAT, SentryPC, Amadey CnC Check-In.


[+++]          Added rules:          [+++]

2833495 - ETPRO EXPLOIT UPnP SOAP Preauth RCE 1 (exploit.rules)
2833496 - ETPRO EXPLOIT UPnP SOAP Preauth RCE 2 (exploit.rules)
2833497 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-08 1) (trojan.rules)
2833498 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-08 2) (trojan.rules)
2833499 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-08 3) (trojan.rules)
2833500 - ETPRO TROJAN MSIL/JasRAT CnC Checkin (trojan.rules)
2833501 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-11-08 (current_events.rules)
2833502 - ETPRO TROJAN Amadey CnC Check-In (trojan.rules)
2833503 - ETPRO TROJAN Win32/Remcos RAT Checkin 77 (trojan.rules)
2833504 - ETPRO TROJAN Win32/Remcos RAT Checkin 78 (trojan.rules)
2833505 - ETPRO POLICY SentryPC Host Monitor Software - Adding System to Inventory (policy.rules)
2833506 - ETPRO POLICY SentryPC Host Monitor Software - Requesting Config (set) (policy.rules)
2833507 - ETPRO POLICY SentryPC Host Monitor Software - Config Inbound (policy.rules)
2833508 - ETPRO POLICY SentryPC Host Monitor Software - External IP Lookup (policy.rules)
2833509 - ETPRO POLICY SentryPC Host Monitor Software - Reporting User/Pass over HTTP (policy.rules)
2833510 - ETPRO POLICY SentryPC Host Monitor Software - Screenshot POST (policy.rules)
2833511 - ETPRO TROJAN MSIL/JasRAT Set Persistence Command Inbound (trojan.rules)
2833512 - ETPRO TROJAN MSIL/JasRAT Reporting Time and Version to CnC (trojan.rules)
2833513 - ETPRO TROJAN MSIL/JasRAT Confirming Persistence Location with CnC (trojan.rules)


[///]     Modified active rules:     [///]

2026528 - ET TROJAN ArrobarLoader CnC Checkin M1 (trojan.rules)
2810276 - ETPRO TROJAN AZORult CnC Beacon (trojan.rules)
2833268 - ETPRO TROJAN ArrobarLoader CnC Checkin M2 (trojan.rules)
2833269 - ETPRO USER_AGENTS ArrobarLoader User-Agent Observed 1 (user_agents.rules)
2833270 - ETPRO USER_AGENTS ArrobarLoader User-Agent Observed 2 (user_agents.rules)
2833324 - ETPRO TROJAN ArrobarLoader Requesting Payload (trojan.rules)


-- 
PGP: 0xBED7B297

