[Emerging-updates] Daily Ruleset Update Summary 2019/12/26

Jason Williams jwilliams at emergingthreats.net
Thu Dec 26 14:25:48 HST 2019


[***]            Summary:            [***]

  3 new Open, 39 new Pro (3 + 36). Ursu Variant, Grandsteal, Various
Mobile, Coinminers, and Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

Open:

  2029198 - ET POLICY Suspicious ToTok Mobile Application DNS Request
(policy.rules)
  2029199 - ET POLICY Suspicious ToTok Mobile Application TLS Request
(policy.rules)
  2029200 - ET TROJAN Observed Malicious SSL Cert (jssLoader CnC)
(trojan.rules)

Pro:

  2840081 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BAK Checkin
(mobile_malware.rules)
  2840082 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BAK Contact Exfil
(mobile_malware.rules)
  2840083 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-24 1) (trojan.rules)
  2840084 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-24 2) (trojan.rules)
  2840085 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-24 3) (trojan.rules)
  2840086 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-24 4) (trojan.rules)
  2840087 - ETPRO TROJAN Win32/Sisproc CnC Activity (trojan.rules)
  2840088 - ETPRO TROJAN Ursu Variant CnC Initial Checkin (trojan.rules)
  2840089 - ETPRO TROJAN Ursu Variant CnC Activity M1 (trojan.rules)
  2840090 - ETPRO TROJAN Ursu Variant CnC Activity M2 (trojan.rules)
  2840091 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-26
(current_events.rules)
  2840092 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-26
(current_events.rules)
  2840093 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-12-26
(current_events.rules)
  2840094 - ETPRO CURRENT_EVENTS Successful Generic Session Expired Phish
2019-12-26 (current_events.rules)
  2840095 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-12-26
(current_events.rules)
  2840096 - ETPRO CURRENT_EVENTS Successful PNC Phish 2019-12-26
(current_events.rules)
  2840097 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-26 (current_events.rules)
  2840098 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-26
(current_events.rules)
  2840099 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-26
(current_events.rules)
  2840100 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-26
(current_events.rules)
  2840101 - ETPRO CURRENT_EVENTS Successful Comcast Phish 2019-12-26
(current_events.rules)
  2840102 - ETPRO CURRENT_EVENTS Successful Ratuken Phish 2019-12-26
(current_events.rules)
  2840103 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-12-26
(current_events.rules)
  2840104 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-26
(current_events.rules)
  2840105 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-26
(current_events.rules)
  2840106 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-26 (current_events.rules)
  2840107 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-26 (current_events.rules)
  2840108 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-26 (current_events.rules)
  2840109 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-26 (current_events.rules)
  2840110 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-26 (current_events.rules)
  2840111 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-26 (current_events.rules)
  2840112 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-26 (current_events.rules)
  2840113 - ETPRO TROJAN GrandSteal WebSocket Request (trojan.rules)
  2840114 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
  2840115 - ETPRO TROJAN Win32/Remcos RAT Checkin 290 (trojan.rules)
  2840116 - ETPRO TROJAN Win32/Remcos RAT Checkin 291 (trojan.rules)

[///]     Modified active rules:     [///]

  2838879 - ETPRO TROJAN GrandSteal Server Response via WebSocket
(trojan.rules)
  2839676 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)