[Emerging-updates] Daily Ruleset Update Summary 2019/07/11

Jason Williams jwilliams at emergingthreats.net
Thu Jul 11 13:39:17 HDT 2019


[***]            Summary:            [***]

  7 new Open, 27 new Pro (7 + 20).  eCh0raix, Cobalt Group, Olive62 ELF,
Various Phish.

  Thanks: Kevin Ross

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 Open:

  2027699 - ET CURRENT_EVENTS Successful Generic Miarroba Phish 2019-07-11 (current_events.rules)
  2027700 - ET TROJAN Amadey CnC Check-In (trojan.rules)
  2027701 - ET TROJAN eCh0raix/QNAPCrypt CnC Activity - Started (trojan.rules)
  2027702 - ET TROJAN eCh0raix/QNAPCrypt CnC Activity - Done (trojan.rules)
  2027703 - ET POLICY Socks5 Proxy to Onion (set) (policy.rules)
  2027704 - ET TROJAN eCh0raix/QNAPCrypt Requesting Key/Wallet/Note (trojan.rules)
  2027705 - ET TROJAN eCh0raix/QNAPCrypt Successful Server Response (trojan.rules)

 Pro:

  2837455 - ETPRO TROJAN ELF/Olive62 Reporting Infection (trojan.rules)
  2837456 - ETPRO POLICY Observed Suspicious SSL Cert (CN Value (none)) (policy.rules)
  2837457 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-07-11) (current_events.rules)
  2837458 - ETPRO CURRENT_EVENTS Successful Standard Chartered Bank Phish 2019-07-11 (current_events.rules)
  2837459 - ETPRO CURRENT_EVENTS Successful Standard Chartered Bank Phish 2019-07-11 (current_events.rules)
  2837460 - ETPRO CURRENT_EVENTS Successful Standard Chartered Bank Phish 2019-07-11 (current_events.rules)
  2837461 - ETPRO TROJAN SSL/TLS Certificate Observed (Cobalt Group) (trojan.rules)
  2837462 - ETPRO TROJAN SSL/TLS Certificate Observed (Cobalt Group) (trojan.rules)
  2837463 - ETPRO CURRENT_EVENTS Successful Telstra Webmail Phish 2019-07-11 (current_events.rules)
  2837464 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-07-11 (current_events.rules)
  2837465 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-07-11 (current_events.rules)
  2837466 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-11 (current_events.rules)
  2837467 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-11 (current_events.rules)
  2837468 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-11 1) (trojan.rules)
  2837469 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-11 2) (trojan.rules)
  2837470 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-11 3) (trojan.rules)
  2837471 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-11 4) (trojan.rules)
  2837472 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-07-11 (current_events.rules)
  2837473 - ETPRO TROJAN Vidar/Arkei/Megumin Stealer Keywords Retrieved (trojan.rules)
  2837474 - ETPRO POLICY Suspicious Localhost SSL/TLS Certificate Observed (policy.rules)

 [///]     Modified active rules:     [///]

  2835950 - ETPRO TROJAN Cryptbot Exfiltrating System Data (trojan.rules)

 [---]         Disabled rules:        [---]

  2833502 - ETPRO TROJAN Amadey CnC Check-In (trojan.rules)