[Emerging-updates] Daily Ruleset Update Summary 2019/12/19

Brandon Murphy bmurphy at emergingthreats.net
Thu Dec 19 15:39:13 HST 2019


[***]            Summary:            [***]

  0 new Open, 22 new Pro (0 + 22). Android/Hiddad.AIX, Powershell.WC,
Win32/Remcos, and Various Phish

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Pro:

  2840006 - ETPRO MOBILE_MALWARE Android/Hiddad.AIX CnC Beacon (mobile_malware.rules)
  2840007 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-18 1) (trojan.rules)
  2840008 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-18 2) (trojan.rules)
  2840009 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-19 (current_events.rules)
  2840010 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-12-19 (current_events.rules)
  2840011 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-12-19 (current_events.rules)
  2840012 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-12-19 (current_events.rules)
  2840013 - ETPRO CURRENT_EVENTS Successful KBC Bank Phish 2019-12-19 (current_events.rules)
  2840014 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-19 (current_events.rules)
  2840015 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-19 (current_events.rules)
  2840016 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-12-19 (current_events.rules)
  2840017 - ETPRO TROJAN Powershell.WC CnC Initial Checkin (trojan.rules)
  2840018 - ETPRO TROJAN Powershell.WC CnC - Heartbeat (trojan.rules)
  2840019 - ETPRO TROJAN Powershell.WC CnC - Report (trojan.rules)
  2840020 - ETPRO TROJAN Powershell.WC CnC - Upload (trojan.rules)
  2840021 - ETPRO TROJAN Powershell.WC CnC Activity (trojan.rules)
  2840022 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2840023 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
  2840024 - ETPRO TROJAN Win32/Remcos RAT Checkin 284 (trojan.rules)
  2840025 - ETPRO TROJAN Win32/Remcos RAT Checkin 285 (trojan.rules)
  2840026 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
  2840027 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2019-12-19 (trojan.rules)


[///]     Modified active rules:     [///]

  2008311 - ET SCAN Watchfire AppScan Web App Vulnerability Scanner (scan.rules)
  2024991 - ET TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
  2832577 - ETPRO TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
  2833514 - ETPRO TROJAN Win32/TinyNuke CnC Checkin M2 (trojan.rules)


[---]         Removed rules:         [---]

  2811507 - ETPRO CURRENT_EVENTS Angler or Nuclear EK Flash Exploit (IE) Jun 16 M1 (current_events.rules)
  2811829 - ETPRO CURRENT_EVENTS Angler or Nuclear EK Flash Exploit (IE) Jun 16 M1 T2 (current_events.rules)
  2811871 - ETPRO CURRENT_EVENTS Angler Possible EK Landing URI Struct Jul 09 M3 T3 (current_events.rules)
  2811937 - ETPRO CURRENT_EVENTS Angler Possible EK Landing URI Struct Jul 14 M3 T3 (current_events.rules)
  2811987 - ETPRO CURRENT_EVENTS Angler Possible EK Landing URI Struct Jul 15 M3 T3 (current_events.rules)