[Emerging-updates] Daily Ruleset Update Summary 2018/11/29

Jason Williams jwilliams at emergingthreats.net
Thu Nov 29 13:26:59 HST 2018


[***]            Summary:            [***]

9 new Open, 29 new Pro (9 + 20). Powerstats, SYSCON, Apoxas Stealer,
Various Phishing.

[+++]          Added rules:          [+++]

Open:

  2026673 - ET TROJAN IcedID WebSocket Request (trojan.rules)
  2026674 - ET INFO Minimal HTTP GET Request to Bit.ly (info.rules)
  2026675 - ET CURRENT_EVENTS Inbound PowerShell Saving Base64 Decoded Payload to Temp M1 2018-11-29 (current_events.rules)
  2026676 - ET CURRENT_EVENTS Inbound PowerShell Saving Base64 Decoded Payload to Temp M2 2018-11-29 (current_events.rules)
  2026677 - ET CURRENT_EVENTS Inbound PowerShell Executing Base64 Decoded VBE from Temp 2018-11-29 (current_events.rules)
  2026678 - ET CURRENT_EVENTS Observed Malicious SSL Cert (POWERSTATS Proxy CnC) (current_events.rules)
  2026679 - ET CURRENT_EVENTS Observed Malicious SSL Cert (POWERSTATS Proxy CnC) (current_events.rules)
  2026680 - ET TROJAN DNS Query for DNSpionage CnC Domain (trojan.rules)
  2026681 - ET TROJAN DNSpionage Requesting Config (trojan.rules)

Pro:

  2833702 - ETPRO TROJAN Zebrocy CnC Checkin M3 (trojan.rules)
  2833703 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-29 1) (trojan.rules)
  2833704 - ETPRO TROJAN Observed Malicious SSL Cert (Zebrocy CnC) (trojan.rules)
  2833705 - ETPRO TROJAN SYSCON FTP Retrieving Config (trojan.rules)
  2833706 - ETPRO TROJAN SYSCON FTP Config Inbound (trojan.rules)
  2833707 - ETPRO TROJAN SYSCON FTP Windows Log Exfil (trojan.rules)
  2833708 - ETPRO TROJAN SYSCON FTP Process Log Exfil (trojan.rules)
  2833709 - ETPRO TROJAN SYSCON FTP Screenshot Exfil (trojan.rules)
  2833710 - ETPRO TROJAN Apoxas Stealer Exfil via FTP (trojan.rules)
  2833711 - ETPRO CURRENT_EVENTS Successful Santander Phish 2018-11-29 (current_events.rules)
  2833712 - ETPRO CURRENT_EVENTS Successful Discover Phish 2018-11-29 (current_events.rules)
  2833713 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2018-11-29 (current_events.rules)
  2833714 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-11-29 (current_events.rules)
  2833715 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-11-29 (current_events.rules)
  2833716 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-11-29 (current_events.rules)
  2833717 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2018-11-29 (current_events.rules)
  2833718 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-11-29 (current_events.rules)
  2833719 - ETPRO CURRENT_EVENTS Successful Apple Credit Card Information Phish 2018-11-29 (current_events.rules)
  2833720 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-11-29 (current_events.rules)
  2833721 - ETPRO CURRENT_EVENTS Successful Facebook Credit Card Information Phish 2018-11-29 (current_events.rules)

[///]     Modified active rules:     [///]

  2026557 - ET TROJAN DNS Query for DNSpionage CnC Domain (trojan.rules)
  2829988 - ETPRO POLICY Observed MS Certutil User-Agent in HTTP Request (policy.rules)
  2832030 - ETPRO TROJAN SYSCON Data Exfil via FTP (trojan.rules)