[Emerging-updates] Daily Ruleset Update Summary 2019/12/03

James Emery-Callcott jcallcott at emergingthreats.net
Tue Dec 3 13:17:41 HST 2019


[***]            Summary:            [***]

  1 new Open, 26 new Pro (1 + 25).  AgentTesla, Android/Gustuff,
CoinMiners, Various Phish.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029091 - ET EXPLOIT Observed Orange LiveBox Router Information Leakage
Attempt (CVE-2018-20377) (exploit.rules)

Pro:

  2839700 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Rootnik.k CnC Beacon
(mobile_malware.rules)
  2839701 - ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.RA Checkin
(mobile_malware.rules)
  2839702 - ETPRO MOBILE_MALWARE Android Gustuff Header
(mobile_malware.rules)
  2839703 - ETPRO INFO Observed GET for .txt with Minimal Headers
(info.rules)
  2839704 - ETPRO INFO Observed EXE with Content-Type Mismatch (text/plain)
(info.rules)
  2839705 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-11-27 1) (trojan.rules)
  2839706 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-11-27 2) (trojan.rules)
  2839707 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-02 1) (trojan.rules)
  2839708 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-02 2) (trojan.rules)
  2839709 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-02 3) (trojan.rules)
  2839710 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-02 4) (trojan.rules)
  2839711 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-02 5) (trojan.rules)
  2839712 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-02 6) (trojan.rules)
  2839713 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-02 7) (trojan.rules)
  2839714 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-03 (current_events.rules)
  2839715 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-03 (current_events.rules)
  2839716 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-12-03 (current_events.rules)
  2839717 - ETPRO CURRENT_EVENTS Successful Adobe Reader Phish 2019-12-03
(current_events.rules)
  2839718 - ETPRO CURRENT_EVENTS Successful Microsoft File Received Phish
2019-12-03 (current_events.rules)
  2839719 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-03 (current_events.rules)
  2839720 - ETPRO CURRENT_EVENTS Successful WeChat Phish 2019-12-03
(current_events.rules)
  2839721 - ETPRO CURRENT_EVENTS Successful WeChat Phish 2019-12-03
(current_events.rules)
  2839722 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-03 (current_events.rules)
  2839723 - ETPRO TROJAN Win32/Agent Tesla SMTP Activity (trojan.rules)
  2839724 - ETPRO TROJAN Win32/Delf.BBD Variant CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

  2833021 - ETPRO CURRENT_EVENTS Possible Trickbot MalDoc DL 2018-09-26
(set) (current_events.rules)
  2836271 - ETPRO TROJAN Win32/QULAB Telegram Exfiltration via Proxy
(trojan.rules)
  2839684 - ETPRO TROJAN Buer Loader Response (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team