[Emerging-updates] Daily Ruleset Update Summary 2018/11/14

James Emery-Callcott jcallcott at emergingthreats.net
Wed Nov 14 10:28:57 HST 2018


[***]            Summary:            [***]

2 new Open, 16 new Pro (2 + 14). GhostDNS, Muhstik Bot, MalDoc SSL Cert.
CnC Domain.

[+++]          Added rules:          [+++]

  2026607 - ET TROJAN Muhstik Bot Reporting Vulnerable Server to CnC (trojan.rules)
  2026608 - ET TROJAN JunkMiner Downloader Communicating with CnC (trojan.rules)
  2833554 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload 2018-11-14 (current_events.rules)
  2833555 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-14) (current_events.rules)
  2833556 - ETPRO TROJAN TeleGbot Exfiltrating Credit Card and Cookie Data (trojan.rules)
  2833557 - ETPRO CURRENT_EVENTS GhostDNS JS DNSChanger Initial Landing Page 2018-11-14 (current_events.rules)
  2833558 - ETPRO CURRENT_EVENTS GhostDNS JS DNSChanger Base64 Attack Modules Landing Page 2018-11-14 (current_events.rules)
  2833559 - ETPRO CURRENT_EVENTS Possible GhostDNS Attempting Intranet Router Compromise M1 (current_events.rules)
  2833560 - ETPRO CURRENT_EVENTS Possible GhostDNS Attempting Intranet Router Compromise M2 (current_events.rules)
  2833561 - ETPRO CURRENT_EVENTS Possible GhostDNS Attempting Intranet Router Compromise M3 (current_events.rules)
  2833562 - ETPRO CURRENT_EVENTS Possible GhostDNS Attempting Intranet Router Compromise M4 (current_events.rules)
  2833563 - ETPRO CURRENT_EVENTS Possible GhostDNS Attempting Intranet Router Compromise M5 (current_events.rules)
  2833564 - ETPRO CURRENT_EVENTS Possible GhostDNS Attempting Intranet Router Compromise M6 (Bruteforce) (current_events.rules)
  2833565 - ETPRO CURRENT_EVENTS Possible GhostDNS Attempting Intranet Router Compromise M7 (Bruteforce) (current_events.rules)
  2833566 - ETPRO CURRENT_EVENTS Possible GhostDNS Attempting Intranet Router Compromise M8 (Bruteforce) (current_events.rules)
  2833567 - ETPRO CURRENT_EVENTS Possible GhostDNS Attempting Intranet Router Compromise M9 (Bruteforce) (current_events.rules)

[///]     Modified active rules:     [///]

  2833543 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-13 1) (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team