[Emerging-updates] Daily Ruleset Update Summary 2019/12/12

Jack Mott jmott at emergingthreats.net
Thu Dec 12 13:47:18 HST 2019


[***]            Summary:            [***]

  28 new Open, 46 new Pro (28 + 18). Dreambot CnC SSL Certs, BottleEK,
AZORult v3.X, CrownAdPro CnC Activity, Cyborg Keylogger, Coinminers,
Various Phish.

  Thanks to: Travis Green (via @401TRG), @nao_sec, @ViriBack

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029116 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029117 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029118 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029119 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029120 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029130 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029131 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029132 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029133 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029134 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029135 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029121 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029122 - ET WEB_CLIENT BottleEK Landing (web_client.rules)
  2029123 - ET WEB_CLIENT BottleEK Plugin Check JS (web_client.rules)
  2029124 - ET CURRENT_EVENTS BottleEK Plugin Check Response
(current_events.rules)
  2029125 - ET WEB_CLIENT Suspicious VBS Encoding Observed in BottleEK
(web_client.rules)
  2029126 - ET WEB_CLIENT BottleEK Payload Request (web_client.rules)
  2029127 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-12-12
(current_events.rules)
  2029128 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029136 - ET TROJAN AZORult v3.3 Server Response M1 (trojan.rules)
  2029137 - ET TROJAN AZORult v3.3 Server Response M2 (trojan.rules)
  2029138 - ET TROJAN AZORult v3.3 Server Response M3 (trojan.rules)
  2029139 - ET TROJAN AZORult v3.2 Server Response M1 (trojan.rules)
  2029140 - ET TROJAN AZORult v3.2 Server Response M2 (trojan.rules)
  2029141 - ET TROJAN AZORult v3.2 Server Response M3 (trojan.rules)
  2029142 - ET TROJAN MalDoc Exfil (2019-12-12) (trojan.rules)
  2029143 - ET TROJAN CrownAdPro CnC Activity M1 (trojan.rules)
  2029144 - ET TROJAN DiamondFox HTTP Post CnC Checkin M3 (trojan.rules)

Pro:

  2839876 - ETPRO TROJAN Win32/Cyborg Keylogger FTP STOR Command
(trojan.rules)
  2839877 - ETPRO TROJAN Win32/Cyborg Keylogger Data Exfil via FTP
(trojan.rules)
  2839878 - ETPRO TROJAN Win32/AgentTesla FTP STOR Command M2 (trojan.rules)
  2839879 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)
  2839881 - ETPRO TROJAN 404 Keylogger Exfil (trojan.rules)
  2839886 - ETPRO TROJAN Observed Magecart CnC Domain in TLS SNI
(trojan.rules)
  2839882 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-11 1) (trojan.rules)
  2839883 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-11 2) (trojan.rules)
  2839880 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (eaebe)
(current_events.rules)
  2839884 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-12-12
(current_events.rules)
  2839885 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-12-12 (current_events.rules)
  2839887 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-12 (current_events.rules)
  2839888 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-12-12
(current_events.rules)
  2839889 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-12
(current_events.rules)
  2839890 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-12
(current_events.rules)
  2839891 - ETPRO CURRENT_EVENTS Successful Mobile DE Phish 2019-12-12
(current_events.rules)
  2839892 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-12
(current_events.rules)
  2839893 - ETPRO TROJAN Win32/Remcos RAT Checkin 277 (trojan.rules)

[///]     Modified active rules:     [///]

  2822801 - ETPRO TROJAN DiamondFox HTTP POST CnC Checkin M1 (trojan.rules)
  2839790 - ETPRO INFO Windows BITS UA Retreiving EXE (info.rules)

[---]         Removed rules:         [---]

  2839854 - ETPRO TROJAN Observed Malicious SSL Cert (SDBbot CnC)
(trojan.rules)