[Emerging-updates] Daily Ruleset Update Summary 2018/11/26

Jason Williams jwilliams at emergingthreats.net
Mon Nov 26 14:01:15 HST 2018


[***]            Summary:            [***]

8 new Open, 39 new Pro (8 + 31). Strongpity, Powerstats, Coinminers,
Various Phishing.

[+++]          Added rules:          [+++]

Open:

  2026649 - ET INFO Certificate with Unknown Content (info.rules)
  2026650 - ET CURRENT_EVENTS Generic Xbalti Phishing Landing 2018-11-26
(current_events.rules)
  2026651 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity
Domain) (current_events.rules)
  2026652 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity
Domain) (current_events.rules)
  2026653 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity
Domain) (current_events.rules)
  2026654 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity
Domain) (current_events.rules)
  2026655 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity
Domain) (current_events.rules)
  2026656 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity
Domain) (current_events.rules)

Pro:

  2833620 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity
Checkin (trojan.rules)
  2833621 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity
(info) (trojan.rules)
  2833622 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity (OK)
(trojan.rules)
  2833623 - ETPRO TROJAN W32.HTTP.Stager Checkin M1 (trojan.rules)
  2833624 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 1) (trojan.rules)
  2833625 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 2) (trojan.rules)
  2833626 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 3) (trojan.rules)
  2833627 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 4) (trojan.rules)
  2833628 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 5) (trojan.rules)
  2833629 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 6) (trojan.rules)
  2833630 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 7) (trojan.rules)
  2833631 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 8) (trojan.rules)
  2833632 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 9) (trojan.rules)
  2833633 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 10) (trojan.rules)
  2833634 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 11) (trojan.rules)
  2833635 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 12) (trojan.rules)
  2833636 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 13) (trojan.rules)
  2833637 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 14) (trojan.rules)
  2833638 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 15) (trojan.rules)
  2833639 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 16) (trojan.rules)
  2833640 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 17) (trojan.rules)
  2833641 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 18) (trojan.rules)
  2833642 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 19) (trojan.rules)
  2833643 - ETPRO TROJAN Cobalt Strike Malleable C2 JQuery Custom Profile
(trojan.rules)
  2833644 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833645 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-11-26 (current_events.rules)
  2833646 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2018-11-26 (current_events.rules)
  2833647 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2018-11-26
(current_events.rules)
  2833648 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2018-11-26 (current_events.rules)
  2833649 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-11-26
(current_events.rules)
  2833650 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2018-11-26 (current_events.rules)


 [///]     Modified active rules:     [///]

  2814467 - ETPRO TROJAN ZxShell WinVNC Command (trojan.rules)
  2833520 - ETPRO TROJAN Observed Malicious SSL Cert (SocGholish Redirect)
(trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2811213 - ETPRO TROJAN Trojan/Win32.Banload Config Download Response
(trojan.rules)