[Emerging-updates] Daily Ruleset Update Summary 2018/11/15

James Emery-Callcott jcallcott at emergingthreats.net
Thu Nov 15 14:04:19 HST 2018


[***]            Summary:            [***]

7 new Open, 14 new Pro (7 + 7). DragonFly APT, Mylobot, Various MalDoc SSL Certs. CnC Domain.

[+++]          Added rules:          [+++]

  2026609 - ET TROJAN Operation Baby Coin syschk CnC Communication (trojan.rules)
  2026610 - ET TROJAN ELF/Muhstik Scanner Module Activity (trojan.rules)
  2026611 - ET TROJAN DragonFly APT Domain in DNS Lookup (trojan.rules)
  2026612 - ET TROJAN DragonFly APT Domain in DNS Lookup (trojan.rules)
  2026613 - ET TROJAN Mylobot Receiving XOR Encrypted Config (0xde) (trojan.rules)
  2026614 - ET TROJAN Operation Mystery Baby syschk CnC Communication (trojan.rules)
  2026615 - ET CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif Inject Domain) (current_events.rules)
  2833568 - ETPRO MOBILE_MALWARE Android.Trojan.Rootnik.gNACV CNC Beacon (mobile_malware.rules)
  2833569 - ETPRO MOBILE_MALWARE Android.Trojan.Rootnik.gNACV CNC Beacon 2 (mobile_malware.rules)
  2833570 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-15) (current_events.rules)
  2833571 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-15 2) (current_events.rules)
  2833572 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC) (trojan.rules)
  2833573 - ETPRO TROJAN PhanapikalBot Setting Module (trojan.rules)
  2833574 - ETPRO TROJAN PhanapikalBot getModule Request (trojan.rules)


[///]     Modified active rules:     [///]

  2026607 - ET TROJAN ELF/Muhstik Bot Reporting Vulnerable Server to CnC (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team