[Emerging-updates] Daily Ruleset Update Summary 2019/12/20

Brandon Murphy bmurphy at emergingthreats.net
Fri Dec 20 13:17:28 HST 2019


[***]            Summary:            [***]

  3 new Open, 22 new Pro (3 + 19). Win32/AgentTesla, Sifrelendi Ransomware,
RuntimeB, and Various Phish

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029184 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
  2029185 - ET POLICY External IP Lookup - free .ipwhois .io (policy.rules)
  2029186 - ET TROJAN Win32/Unknown SMTP Checkin (trojan.rules)

Pro:

  2840028 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
  2840029 - ETPRO TROJAN Win32/Borr CnC Checkin (trojan.rules)
  2840030 - ETPRO TROJAN Sifrelendi Ransomware Checkin via FTP (trojan.rules)
  2840031 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2840032 - ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 (trojan.rules)
  2840033 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-19 1) (trojan.rules)
  2840034 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-19 2) (trojan.rules)
  2840035 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish 2019-12-20 (current_events.rules)
  2840036 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-20 (current_events.rules)
  2840037 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-20 (current_events.rules)
  2840038 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-12-20 (current_events.rules)
  2840039 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-12-20 (current_events.rules)
  2840040 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-20 (current_events.rules)
  2840041 - ETPRO TROJAN RuntimeB CnC Initial Checkin (trojan.rules)
  2840042 - ETPRO TROJAN RuntimeB CnC Heartbeat (trojan.rules)
  2840043 - ETPRO TROJAN Win32.Unwaders.C CnC Activity (trojan.rules)
  2840044 - ETPRO TROJAN Win32/Remcos RAT Checkin 286 (trojan.rules)
  2840045 - ETPRO TROJAN Win32/Remcos RAT Checkin 287 (trojan.rules)
  2840046 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)


[---]         Removed rules:         [---]

  2024759 - ET WEB_SERVER Possible OptionsBleed (CVE-2017-9798) (web_server.rules)