[Emerging-updates] Daily Ruleset Update Summary 2018/11/16

James Emery-Callcott jcallcott at emergingthreats.net
Fri Nov 16 10:55:53 HST 2018


[***]            Summary:            [***]

5 new Open, 13 new Pro (5 + 8). CVE-2018-15981, Various Malicious SSL
Certs, Various APT.

[+++]          Added rules:          [+++]

  2026616 - ET CURRENT_EVENTS Observed Malicious SSL Cert (HuadhServHelper CnC) (current_events.rules)
  2026617 - ET TROJAN APT29 Domain in DNS Lookup (pandorasong .com) (trojan.rules)
  2026618 - ET CURRENT_EVENTS Observed Malicious SSL Cert (APT29) (current_events.rules)
  2026619 - ET TROJAN Hades APT Downloader Attempting to Retrieve Stage 2 Payload (trojan.rules)
  2026620 - ET TROJAN Hades APT Domain in DNS Lookup (findupdatems .com) (trojan.rules)
  2833575 - ETPRO MOBILE_MALWARE Android.Monitor.Puma.C (mobilegate .net in DNS Lookup) (mobile_malware.rules)
  2833576 - ETPRO TROJAN WEB_CLIENT Possible Adobe Flash Type Confusion Vulnerability (CVE-2018-15981) (trojan.rules)
  2833577 - ETPRO TROJAN Banload Variant CnC Activity (trojan.rules)
  2833578 - ETPRO CURRENT_EVENTS PowerShell with Base64 Encoded Wide Strings Inbound (Anti-VM Related) (current_events.rules)
  2833579 - ETPRO CURRENT_EVENTS PowerShell Downloader with Base64 Encoded Wscript.Shell Wide String Inbound (current_events.rules)
  2833580 - ETPRO TROJAN ExtremeDownloader CnC Checkin (trojan.rules)
  2833581 - ETPRO MALWARE Win32/InstallMonster Requesting File M1 (malware.rules)
  2833582 - ETPRO MALWARE Win32/InstallMonster Requesting File M2 (malware.rules)


[///]     Modified active rules:     [///]

  2026611 - ET TROJAN TEMP.Periscope APT Domain in DNS Lookup (trojan.rules)
  2026612 - ET TROJAN TEMP.Periscope APT Domain in DNS Lookup (trojan.rules)
  2824248 - ETPRO TROJAN Zeus Panda Banker / Ursnif Malicious SSL Certificate Detected (trojan.rules)


---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team