[Emerging-updates] Daily Ruleset Update Summary 2019/12/30

Jack Mott jmott at emergingthreats.net
Mon Dec 30 14:41:54 HST 2019


[***]            Summary:            [***]

  9 new Open, 30 new Pro (9 + 21). CVE-2019-19781, Dark Nexus, Win32/Namoo,
Remcos and Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2029203 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
  2029204 - ET TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
  2029205 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules)
  2029207 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection (CVE-2019-7256) (exploit.rules)
  2029208 - ET SCAN Dark Nexus IoT Variant User-Agent (Inbound) (scan.rules)
  2029209 - ET TROJAN Dark Nexus IoT Variant User-Agent (Outbound) (trojan.rules)
  2029210 - ET MALWARE Win32/DownloadAssistant.Q Variant Checkin (malware.rules)
  2029211 - ET MALWARE Win32/DownloadAssistant.G Variant Error Report (malware.rules)

 Pro:

  2840142 - ETPRO TROJAN Win32/BlackNET CnC Checkin M2 (trojan.rules)
  2840143 - ETPRO TROJAN Win32/Hawkeye ReBorn Stealer Style Screenshot Upload (trojan.rules)
  2840144 - ETPRO CURRENT_EVENTS MalDoc Retrieving Evil exe/msi/doc M2 (current_events.rules)
  2840145 - ETPRO TROJAN Win32/Unk.Stealer Browser Passwords Exfil (trojan.rules)
  2840146 - ETPRO TROJAN Win32/Unk.Stealer Screenshot Exfil (trojan.rules)
  2840147 - ETPRO TROJAN Win32/Unk.Stealer Clipboard Data Exfil (trojan.rules)
  2840148 - ETPRO TROJAN Win32/Namoo CnC Initial Host Checkin (trojan.rules)
  2840149 - ETPRO TROJAN Win32/Namoo CnC Activity (trojan.rules)
  2840150 - ETPRO TROJAN Possible Win32/Namoo CnC Activity Response (trojan.rules)
  2840151 - ETPRO TROJAN Win32/Unk.Spambot (trojan.rules)
  2840152 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-30 (current_events.rules)
  2840153 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-12-30 (current_events.rules)
  2840154 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-12-30 (current_events.rules)
  2840155 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-12-30 (current_events.rules)
  2840156 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-12-30 (current_events.rules)
  2840157 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2019-12-30 (current_events.rules)
  2840158 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-12-30 (current_events.rules)
  2840159 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-30 (current_events.rules)
  2840160 - ETPRO TROJAN Shasaizi CnC Host Checkin (trojan.rules)
  2840161 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-30 (current_events.rules)
  2840162 - ETPRO TROJAN Win32/Remcos RAT Checkin 294 (trojan.rules)