[Emerging-updates] Daily Ruleset Update Summary 2018/11/30

Jason Williams jwilliams at emergingthreats.net
Fri Nov 30 13:59:51 HST 2018


[***]            Summary:            [***]

1 new Open, 40 new Pro (1 + 39). Nemours RAT, Zebrocy, Various Mobile,
Various Phishing.

[+++]          Added rules:          [+++]

Open:

  2026683 - ET TROJAN MSIL APT28 Zebrocy/Zekapab Reporting to CnC (trojan.rules)

Pro:

  2833722 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.GZ Contact Exfil via SMTP (mobile_malware.rules)
  2833723 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.AW Contact Exfil via SMTP (mobile_malware.rules)
  2833724 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.bj Contact Exfil via SMTP (mobile_malware.rules)
  2833725 - ETPRO MOBILE_MALWARE Android/GoldenTouch.A!tr Reporting Infection via SMTP 2 (mobile_malware.rules)
  2833726 - ETPRO MOBILE_MALWARE Android.Spy.120.origin Reporting Infection via SMTP (mobile_malware.rules)
  2833727 - ETPRO MOBILE_MALWARE Android/Spy.Agent.FX Reporting Infection via SMTP (mobile_malware.rules)
  2833728 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.AW Reporting Infection via SMTP (mobile_malware.rules)
  2833729 - ETPRO MOBILE_MALWARE Android.Trojan.JSmsHider.n Reporting Infection via SMTP (mobile_malware.rules)
  2833730 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.AE Reporting Infection via SMTP (mobile_malware.rules)
  2833731 - ETPRO TROJAN Win32/LittleTimmy CnC Beacon (trojan.rules)
  2833732 - ETPRO MOBILE_MALWARE Android.Monitor.Cansy.A CnC Beacon (mobile_malware.rules)
  2833733 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 450 (mobile_malware.rules)
  2833734 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 1) (trojan.rules)
  2833735 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 2) (trojan.rules)
  2833736 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 3) (trojan.rules)
  2833737 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 4) (trojan.rules)
  2833738 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 5) (trojan.rules)
  2833739 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 6) (trojan.rules)
  2833740 - ETPRO TROJAN Nemours RAT CnC Checkin (trojan.rules)
  2833741 - ETPRO TROJAN Nemours RAT Command - Start (trojan.rules)
  2833742 - ETPRO TROJAN Unk.Stealer Checkin via FTP (trojan.rules)
  2833743 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-30) (current_events.rules)
  2833744 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-30 2) (current_events.rules)
  2833745 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2833746 - ETPRO MALWARE AdPoshel Adware Variant (malware.rules)
  2833747 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-11-30 (current_events.rules)
  2833748 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2018-11-30 (current_events.rules)
  2833749 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-11-30 (current_events.rules)
  2833750 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-11-30 (current_events.rules)
  2833751 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish 2018-11-30 (current_events.rules)
  2833752 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-11-30 (current_events.rules)
  2833753 - ETPRO CURRENT_EVENTS Successful Paypal Credit Card Information Phish 2018-11-30 (current_events.rules)
  2833754 - ETPRO CURRENT_EVENTS Hex Encoded PowerShell Command Containing Base64 Payload Inbound 2018-11-30 (current_events.rules)
  2833755 - ETPRO CURRENT_EVENTS PowerShell Command with Hex Encoded Spaces Inbound (current_events.rules)
  2833756 - ETPRO TROJAN MSIL/PartsMiner Downloader CnC Checkin (trojan.rules)
  2833757 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader CnC) (current_events.rules)
  2833758 - ETPRO CURRENT_EVENTS BrushaLoader CnC Domain in SNI (current_events.rules)
  2833759 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (CobaltStrike CnC) (current_events.rules)
  2833760 - ETPRO CURRENT_EVENTS PowerShell Reflective Shellcode Loader Inbound 2018-11-30 (current_events.rules)


[///]     Modified active rules:     [///]

  2831005 - ETPRO POLICY Observed Suspicious SSL Cert (Possible KnowBe4 Phish Training) (policy.rules)
  2832865 - ETPRO POLICY KnowBe4 Phish Training HTTP Request (policy.rules)
  2833613 - ETPRO CURRENT_EVENTS Invoke Obfuscated PowerShell Inbound 2018-11-23 (current_events.rules)

[---]  Disabled and modified rules:  [---]

  2801369 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 138 1 (netbios.rules)
  2801370 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 138 2 (netbios.rules)
  2801371 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 139 (netbios.rules)
  2801372 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow SMB (netbios.rules)
  2801374 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 1 (netbios.rules)
  2801375 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 2 (netbios.rules)
  2801376 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 139 (netbios.rules)
  2801377 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal SMB (netbios.rules)