[Emerging-updates] Daily Ruleset Update Summary 2019/12/09

Jack Mott jmott at emergingthreats.net
Mon Dec 9 14:17:20 HST 2019


[***]            Summary:            [***]

  3 new Open, 37 new Pro (3 + 34). Buran, Various SSL Certs, Win32/Snojan
Variant, Remcos, Various Phish.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029100 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2029101 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2029102 - ET TROJAN Observed Malicious SSL Cert (MageCart) (trojan.rules)

Pro:

  2839786 - ETPRO INFO Observed SSL Cert (Suspicious CN Value) (info.rules)
  2839787 - ETPRO TROJAN Win32/Unk.Ransomware Retrieving External IP
Address (trojan.rules)
  2839788 - ETPRO USER_AGENTS Observed Suspicious UA (WebParser)
(user_agents.rules)
  2839789 - ETPRO POLICY External IP Lookup - 126 .net (policy.rules)
  2839790 - ETPRO INFO Windows BITS UA Retreiving EXE (info.rules)
  2839791 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2839792 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2839793 - ETPRO TROJAN Observed Malicious SSL Cert (SDBbot CnC)
(trojan.rules)
  2839794 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)
  2839795 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-12-09)
(trojan.rules)
  2839796 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC)
(trojan.rules)
  2839797 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-12-09 (current_events.rules)
  2839798 - ETPRO CURRENT_EVENTS Successful Paylocity Phish 2019-12-09
(current_events.rules)
  2839799 - ETPRO CURRENT_EVENTS Successful Paylocity Phish 2019-12-09
(current_events.rules)
  2839800 - ETPRO INFO Suspicious Obfuscated Executable Downloaded from
Paste.ee (info.rules)
  2839801 - ETPRO INFO Suspicious Powershell Downloaded from Paste.ee
(info.rules)
  2839802 - ETPRO TROJAN Win32/Snojan Variant CnC Checkin (trojan.rules)
  2839803 - ETPRO CURRENT_EVENTS Successful PKO Bank PL Phish 2019-12-09
(current_events.rules)
  2839804 - ETPRO CURRENT_EVENTS Successful Gov TR TK Phish 2019-12-09
(current_events.rules)
  2839805 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-09
(current_events.rules)
  2839806 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-09 (current_events.rules)
  2839807 - ETPRO CURRENT_EVENTS Successful Rakuten Phish 2019-12-09
(current_events.rules)
  2839808 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-12-09
(current_events.rules)
  2839809 - ETPRO CURRENT_EVENTS Successful Americanas Phish 2019-12-09
(current_events.rules)
  2839810 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-09 (current_events.rules)
  2839811 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2019-12-09 (current_events.rules)
  2839812 - ETPRO CURRENT_EVENTS Successful Amazon Seller Central Phish
2019-12-09 (current_events.rules)
  2839813 - ETPRO CURRENT_EVENTS Successful Amazon Seller Central OTP Phish
2019-12-09 (current_events.rules)
  2839814 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
  2839815 - ETPRO TROJAN Win32/Trojan.GQJP-7779 CnC Activity M1
(trojan.rules)
  2839816 - ETPRO TROJAN Win32/Trojan.GQJP-7779 CnC Activity M2
(trojan.rules)
  2839817 - ETPRO TROJAN Win32/Snojan CnC Activity (trojan.rules)
  2839818 - ETPRO TROJAN Win32/Remcos RAT Checkin 275 (trojan.rules)
  2839819 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
2019-12-09 (trojan.rules)

[///]     Modified active rules:     [///]

  2001562 - ET INFO Suspected PUP/PUA User-Agent (OSSProxy) (info.rules)
  2001564 - ET INFO PUP/PUA OSSProxy HTTP Header (info.rules)
  2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
  2807144 - ETPRO POLICY PUP DomainIQ (policy.rules)
  2807178 - ETPRO POLICY PUP DomainIQ 2 (policy.rules)
  2809705 - ETPRO POLICY PUP SilenceInstaller Checkin (policy.rules)
  2812129 - ETPRO POLICY SpyHunter Spyware Removal Tool PUP Checkin
(policy.rules)
  2812130 - ETPRO POLICY SpyHunter Spyware Removal Tool PUP User-Agent
(SpyHunter) (policy.rules)
  2814542 - ETPRO POLICY WebBar PUA IP Lookup (policy.rules)
  2821364 - ETPRO TROJAN Trojan.Win32.Agentb.jwp CnC Beacon (trojan.rules)
  2835931 - ETPRO POLICY SuperAntiSpyware PUA/PUP Install Phone Home
(policy.rules)
  2839262 - ETPRO CURRENT_EVENTS Possible GreenFlash Sundown EK Flash
Artifact (current_events.rules)