[Emerging-updates] Daily Ruleset Update Summary 2018/11/28

Jason Williams jwilliams at emergingthreats.net
Wed Nov 28 13:41:05 HST 2018


[***]            Summary:            [***]

3 new Open, 22 new Pro (3 + 19). L0rdix, Sarwent, Ursnif, Various Phishing.

[+++]          Added rules:          [+++]

Open:

  2026670 - ET TROJAN L0rdix Stealer CnC Sending Screenshot (trojan.rules)
  2026671 - ET TROJAN L0rdix Stealer CnC Data Exfil (trojan.rules)
  2026672 - ET TROJAN DNSpionage Commands Embedded in Webpage Inbound (trojan.rules)

Pro:

  2833683 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 449 (mobile_malware.rules)
  2833684 - ETPRO POLICY WebDav Auth Request Outbound M2 (Possible NTLM Hash Theft) (policy.rules)
  2833685 - ETPRO TROJAN W32.Sarwent Checkin -- count (trojan.rules)
  2833686 - ETPRO TROJAN W32.Sarwent Checkin -- add_bot (trojan.rules)
  2833687 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-28 1) (trojan.rules)
  2833688 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-28 2) (trojan.rules)
  2833689 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-28 3) (trojan.rules)
  2833690 - ETPRO CURRENT_EVENTS MalDoc Retrieving Evil exe/msi/doc (current_events.rules)
  2833691 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2833692 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2833693 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup (ip .sb)) (policy.rules)
  2833694 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-28 2) (current_events.rules)
  2833695 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-11-28 Domain (vevete22 .pw in TLS SNI) (current_events.rules)
  2833696 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-11-28 (current_events.rules)
  2833697 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-11-28 (current_events.rules)
  2833698 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-11-28 (current_events.rules)
  2833699 - ETPRO CURRENT_EVENTS Obfuscated Wide PowerShell Script Inbound M1 2018-11-28 (current_events.rules)
  2833700 - ETPRO CURRENT_EVENTS Obfuscated Wide PowerShell Script Inbound M2 2018-11-28 (current_events.rules)
  2833701 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif Domain) (current_events.rules)

[///]     Modified active rules:     [///]

  2008438 - ET TROJAN Possible Windows executable sent when remote host claims to send a Text File (trojan.rules)
  2026557 - ET TROJAN DNSpionage - Payload Communicating with CnC via DNS Tunneling (trojan.rules)