[Emerging-updates] Daily Ruleset Update Summary 2019/12/18

Brandon Murphy bmurphy at emergingthreats.net
Wed Dec 18 14:15:13 HST 2019


[***]            Summary:            [***]

  2 new Open, 37 new Pro (2 + 35). Win32/BlackNET, ShivaGood Ransomware,
Win32/Aspire, and Various Phish

  Thanks @james_inthe_box

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029182 - ET TROJAN Observed Malicious SSL Cert (Sidewinder APT CnC)
(trojan.rules)
  2029183 - ET TROJAN Win32/MailerBot CnC Activity (trojan.rules)

Pro:

  2839971 - ETPRO TROJAN Win32/njRAT Variant CnC Checkin (INF)
(trojan.rules)
  2839972 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (GPL)
(trojan.rules)
  2839973 - ETPRO TROJAN Win32/njRAT Variant CnC Keep-Alive M1 (Outbound)
(trojan.rules)
  2839974 - ETPRO TROJAN Win32/njRAT Variant CnC Keep-Alive M2 (Outbound)
(trojan.rules)
  2839975 - ETPRO TROJAN Win32/njRAT Variant CnC Response (IE)
(trojan.rules)
  2839976 - ETPRO TROJAN Win32/njRAT Variant CnC Keep-Alive M1 (Inbound)
(trojan.rules)
  2839977 - ETPRO TROJAN Win32/njRAT Variant CnC Keep-Alive M2 (Inbound)
(trojan.rules)
  2839978 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (OpenPasswords)
(trojan.rules)
  2839979 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (PasswordsResult)
(trojan.rules)
  2839980 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (KE)
(trojan.rules)
  2839981 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (KE Logs)
(trojan.rules)
  2839982 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-17 1) (trojan.rules)
  2839983 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-17 2) (trojan.rules)
  2839984 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-17 3) (trojan.rules)
  2839985 - ETPRO CURRENT_EVENTS Successful SF Express CN Phish 2019-12-18
(current_events.rules)
  2839986 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-12-18
(current_events.rules)
  2839987 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-18
(current_events.rules)
  2839988 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-18
(current_events.rules)
  2839989 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2019-12-18
(current_events.rules)
  2839990 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-12-18
(current_events.rules)
  2839991 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish
2019-12-18 (current_events.rules)
  2839992 - ETPRO CURRENT_EVENTS Successful Square Phish 2019-12-18
(current_events.rules)
  2839993 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-18
(current_events.rules)
  2839994 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-18 (current_events.rules)
  2839995 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-18
(current_events.rules)
  2839996 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-12-18
(current_events.rules)
  2839997 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2019-12-18
(current_events.rules)
  2839998 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2019-12-18
(current_events.rules)
  2839999 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-18
(current_events.rules)
  2840000 - ETPRO TROJAN DiamondFox HTTP POSTing JPEG M2 (trojan.rules)
  2840001 - ETPRO TROJAN DiamondFox HTTP POSTing PW (trojan.rules)
  2840002 - ETPRO TROJAN DiamondFox HTTP GET CnC Activity (trojan.rules)
  2840003 - ETPRO MALWARE Generic Clipper via User-Agent (malware.rules)
  2840004 - ETPRO TROJAN Win32/Remcos RAT Checkin 282 (trojan.rules)
  2840005 - ETPRO TROJAN Win32/Remcos RAT Checkin 283 (trojan.rules)


[///]     Modified active rules:     [///]

  2029144 - ET TROJAN DiamondFox HTTP Post CnC Checkin M3 (trojan.rules)


[---]         Disabled rules:        [---]

  2828314 - ETPRO TROJAN Magniber Ransomware Checkin 1 (trojan.rules)
  2828315 - ETPRO TROJAN Magniber Ransomware Checkin 2 (trojan.rules)