[Emerging-updates] Daily Ruleset Update Summary 2018/11/27

Jason Williams jwilliams at emergingthreats.net
Tue Nov 27 14:16:45 HST 2018


[***]            Summary:            [***]

7 new Open, 39 new Pro (7 + 32). Strongpity, Powershell Empire, Coinminers,
Various Phishing.

[+++]          Added rules:          [+++]

Open:

  2026657 - ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup) (info.rules)
  2026658 - ET INFO Observed SSL Cert for Free Hosting Domain (*.000webhostapp .com) (info.rules)
  2026659 - ET CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader Domain) (current_events.rules)
  2026666 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)
  2026667 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)
  2026668 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)
  2026669 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)

Pro:

  2833651 - ETPRO TROJAN PowerShell/BlasterEgg Checkin (trojan.rules)
  2833652 - ETPRO TROJAN Neozhvnc CnC Beacon (trojan.rules)
  2833653 - ETPRO POLICY WebDav Auth Request Outbound (Possible NTLM Hash Theft) (policy.rules)
  2833654 - ETPRO ATTACK_RESPONSE Responder NTLM Authentication HTTP Response (attack_response.rules)
  2833655 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 1) (trojan.rules)
  2833656 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 2) (trojan.rules)
  2833657 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 3) (trojan.rules)
  2833658 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 4) (trojan.rules)
  2833659 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 5) (trojan.rules)
  2833660 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 6) (trojan.rules)
  2833661 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 7) (trojan.rules)
  2833662 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 8) (trojan.rules)
  2833663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 9) (trojan.rules)
  2833664 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 10) (trojan.rules)
  2833665 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 11) (trojan.rules)
  2833666 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 12) (trojan.rules)
  2833667 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 13) (trojan.rules)
  2833668 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 14) (trojan.rules)
  2833669 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 15) (trojan.rules)
  2833670 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-27 16) (trojan.rules)
  2833671 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-27) (current_events.rules)
  2833672 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-27 2) (current_events.rules)
  2833673 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-27 3) (current_events.rules)
  2833674 - ETPRO TROJAN PowerShell Empire Proxy Hop Request (trojan.rules)
  2833675 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-11-27 (current_events.rules)
  2833676 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-11-27 (current_events.rules)
  2833677 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-11-27 M1 (current_events.rules)
  2833678 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-11-27 M2 (current_events.rules)
  2833679 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-11-27 (current_events.rules)
  2833680 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-11-27 (current_events.rules)
  2833681 - ETPRO CURRENT_EVENTS Successful Workday Phish 2018-11-27 M1 (current_events.rules)
  2833682 - ETPRO CURRENT_EVENTS Successful Workday Phish 2018-11-27 (current_events.rules)

[+++]  Enabled and modified rules:   [+++]

  2013490 - ET POLICY NetBIOS nbtstat Type Query Outbound (policy.rules)
  2013491 - ET POLICY NetBIOS nbtstat Type Query Inbound (policy.rules)

[///]     Modified active rules:     [///]

  2832606 - ETPRO TROJAN Spytector PWS FTP Exfil (trojan.rules)
  2832759 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload 2018-09-24 (current_events.rules)
  2832815 - ETPRO TROJAN Spytector PWS FTP Exfil M2 (trojan.rules)