[Emerging-updates] Daily Ruleset Update Summary 2019/12/31

Jason Williams jwilliams at emergingthreats.net
Tue Dec 31 14:18:02 HST 2019


[***]            Summary:            [***]

  6 new Open, 46 new Pro (6 + 40). Various IoT Vulns, Various Ransomware,
Various Coinminers, Various Powershell, and VARIOUS PHISH.

  tks @malwrhunterteam

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2003626 - ET INFO Double User-Agent (User-Agent User-Agent) (info.rules)
  2029212 - ET TROJAN Win32/ViSystem CnC Checkin (trojan.rules)
  2029213 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection
Outbound (CVE-2019-7256) (exploit.rules)
  2029214 - ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command
Execution Inbound (exploit.rules)
  2029215 - ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command
Execution Outbound (exploit.rules)
  2029216 - ET INFO Suspicious Chmod Usage in URI (Outbound) (info.rules)

 Pro:

  2839239 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839646 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839648 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839671 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839837 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839839 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839940 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839942 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839944 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839946 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840023 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840163 - ETPRO TROJAN Win32/PredatorTheThief CnC Activity (trojan.rules)
  2840164 - ETPRO INFO Observed Decmial Encoded EXE Inbound (info.rules)
  2840165 - ETPRO TROJAN Observed Powershell Browser Stealer Code Inbound
(Chrome) (trojan.rules)
  2840166 - ETPRO TROJAN Powershell Empire Get-ChromeDump Code Inbound
(trojan.rules)
  2840167 - ETPRO INFO Observed Powershell OS Screenshot Code Inbound
(info.rules)
  2840168 - ETPRO INFO Observed Powershell Keylogging Code Inbound
(info.rules)
  2840169 - ETPRO TROJAN Win32/Various Ransomware CnC Activity
(trojan.rules)
  2840170 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish
2019-12-31 (current_events.rules)
  2840171 - ETPRO CURRENT_EVENTS Successful Banorte Bank Phish 2019-12-31
(current_events.rules)
  2840172 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-31
(current_events.rules)
  2840173 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-31
(current_events.rules)
  2840174 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-31
(current_events.rules)
  2840175 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
  2840176 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-31
(current_events.rules)
  2840177 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
  2840178 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
  2840179 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
  2840180 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-12-31
(current_events.rules)
  2840181 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-31 (current_events.rules)
  2840182 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-12-31
(current_events.rules)
  2840183 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-31
(current_events.rules)
  2840184 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-31 (current_events.rules)
  2840185 - ETPRO CURRENT_EVENTS Successful Facebook FR Phish 2019-12-31
(current_events.rules)
  2840186 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-12-31
(current_events.rules)
  2840187 - ETPRO CURRENT_EVENTS Successful Hinet Phish 2019-12-31
(current_events.rules)
  2840188 - ETPRO CURRENT_EVENTS Successful Sprint Identityguard Phish
2019-12-31 (current_events.rules)
  2840189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-31 1) (trojan.rules)
  2840190 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-31 2) (trojan.rules)
  2840191 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-12-31 3) (trojan.rules)

 [///]     Modified active rules:     [///]

  2009363 - ET WEB_SERVER Suspicious Chmod Usage in URI (Inbound)
(web_server.rules)
  2018403 - ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe
(trojan.rules)
  2028990 - ET TROJAN ELF/Mirai Variant UA Outbound (Ouija_x.86)
(trojan.rules)
  2029207 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection
Inbound (CVE-2019-7256) (exploit.rules)
  2839331 - ETPRO INFO Suspicious User-Agent containing Loader Observed
(info.rules)

 [---]         Removed rules:         [---]

  2003626 - ET MALWARE Double User-Agent (User-Agent User-Agent)
(malware.rules)
  2839239 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839646 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839648 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839671 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839837 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839839 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839940 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839942 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839944 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839946 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2840023 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)