[Emerging-updates] Daily Ruleset Update Summary 2018/11/19

Jason Williams jwilliams at emergingthreats.net
Mon Nov 19 13:53:55 HST 2018


[***]            Summary:            [***]

14 new Open, 25 new Pro (14 + 11). Mikrotik Injects, Darkgate, Coinminers,
Various Mobile.

[+++]          Added rules:          [+++]

  2026621 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
  2026622 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
  2026623 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
  2026624 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
  2026625 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
  2026626 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
  2026627 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in TLS SNI (trojan.rules)
  2026628 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
  2026629 - ET TROJAN DarkGate CNC Checkin (trojan.rules)
  2026630 - ET TROJAN DarkGate CnC Requesting Data Exfiltration from Bot (trojan.rules)
  2026631 - ET TROJAN DarkGate Domain in DNS Lookup (akamai .la) (trojan.rules)
  2026632 - ET TROJAN DarkGate Domain in DNS Lookup (hardwarenet .cc) (trojan.rules)
  2026633 - ET TROJAN DarkGate Domain in DNS Lookup (awsamazon.cc) (trojan.rules)
  2026634 - ET TROJAN DarkGate Domain in DNS Lookup (battlenet .la) (trojan.rules)
  2833583 - ETPRO MOBILE_MALWARE Android/Agent.BAA Checkin (mobile_malware.rules)
  2833584 - ETPRO MOBILE_MALWARE Android/FakeAV.K CnC Beacon (mobile_malware.rules)
  2833585 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 1) (trojan.rules)
  2833586 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 2) (trojan.rules)
  2833587 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 3) (trojan.rules)
  2833588 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 4) (trojan.rules)
  2833589 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 5) (trojan.rules)
  2833590 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 6) (trojan.rules)
  2833591 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 7) (trojan.rules)
  2833592 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 8) (trojan.rules)
  2833593 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 9) (trojan.rules)

[///]     Modified active rules:     [///]

  2023611 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 107 (trojan.rules)
  2802963 - ETPRO TROJAN Suspicious User-Agent (Omega) (trojan.rules)