[Emerging-updates] Daily Ruleset Update Summary 2019/12/11

Jack Mott jmott at emergingthreats.net
Wed Dec 11 14:25:28 HST 2019


[***]            Summary:            [***]

  5 new Open, 32 new Pro (5 + 27). OSX/Bundalore, Win32/AgentTesla,
Zeropadypt/Limbo/Ouroboros Ransomware, Various SSL Certs, Coinminers,
Various Phish.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029106 - ET MALWARE OSX/Bundalore Loader Activity (malware.rules)
  2029107 - ET MALWARE Observed DNS Query to OSX/Bundalore Domain (malware.rules)
  2029108 - ET TROJAN SSL/TLS Certificate Observed (Get2 CnC) (trojan.rules)
  2029114 - ET TROJAN Possible APT38 CnC Domain Observed in DNS Query (trojan.rules)
  2029115 - ET TROJAN Possible APT38 CnC Domain Observed in DNS Query (trojan.rules)

Pro:

  2839849 - ETPRO TROJAN JsOutProx CnC Activity - Inbound (trojan.rules)
  2839850 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
  2839851 - ETPRO TROJAN Win32/AgentTesla FTP STOR Command (trojan.rules)
  2839852 - ETPRO TROJAN Win32/AgentTesla Data Exfil via FTP (trojan.rules)
  2839853 - ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP (trojan.rules)
  2839854 - ETPRO TROJAN Observed Malicious SSL Cert (SDBbot CnC) (trojan.rules)
  2839855 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-10 1) (trojan.rules)
  2839856 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-10 2) (trojan.rules)
  2839857 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-11 (current_events.rules)
  2839858 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2019-12-11 (current_events.rules)
  2839859 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-11 (current_events.rules)
  2839860 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-11 (current_events.rules)
  2839861 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-12-11 (current_events.rules)
  2839862 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-12-11 (current_events.rules)
  2839863 - ETPRO CURRENT_EVENTS Successful Generic Voicemail Phish 2019-12-11 (current_events.rules)
  2839864 - ETPRO CURRENT_EVENTS Successful Generic Voicemail Phish 2019-12-11 (current_events.rules)
  2839865 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-11 (current_events.rules)
  2839866 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-12-11 (current_events.rules)
  2839867 - ETPRO CURRENT_EVENTS Successful My3  Phish 2019-12-11 (current_events.rules)
  2839868 - ETPRO CURRENT_EVENTS Successful My3 Phish 2019-12-11 (current_events.rules)
  2839869 - ETPRO CURRENT_EVENTS Successful Generic Multi-Email Phish 2019-12-11 (current_events.rules)
  2839870 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-12-11 (current_events.rules)
  2839871 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-11 (current_events.rules)
  2839872 - ETPRO CURRENT_EVENTS Successful Clydesdale Bank Phish 2019-12-11 (current_events.rules)
  2839873 - ETPRO TROJAN Zeropadypt/Limbo/Ouroboros Ransomware CnC Checkin M4 (trojan.rules)
  2839874 - ETPRO TROJAN Win32/Remcos RAT Checkin 276 (trojan.rules)
  2839875 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)

[///]     Modified active rules:     [///]

  2009897 - ET TROJAN Possible Windows executable sent when remote host claims to send html content (trojan.rules)
  2822492 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Oct 07 2016 (current_events.rules)