[Emerging-updates] Daily Ruleset Update Summary 2019/07/19
Brandon Murphy
bmurphy at emergingthreats.net
Fri Jul 19 14:04:30 HDT 2019
[***] Summary: [***]
8 new Open, 26 new Pro (8 + 18). Houdini/H-Worm, Win32/Blacknix, Various
Phishing.
Thanks @James_inthe_box
[+++] Added rules: [+++]
Open:
2027728 - ET TROJAN Win32/Ketrican CnC Activity (trojan.rules)
2027729 - ET TROJAN Windigo SSH Connection Received (Ebury < 1.7.0)
(trojan.rules)
2027730 - ET TROJAN Windigo SSH Connection Received (Ebury > 1.7.0)
(trojan.rules)
2027731 - ET TROJAN Win32/Blacknix CnC Checkin (trojan.rules)
2027732 - ET TROJAN Win32/Blacknix CnC Heartbeat (trojan.rules)
2027733 - ET POLICY Disposable Email Provider Domain in DNS Lookup (www
.yopmail .com) (policy.rules)
2027734 - ET TROJAN Proyecto RAT Variant - Yopmail Login attempt (set)
(trojan.rules)
2027735 - ET TROJAN Proyecto RAT Variant - Yopmail Stage 2 CnC Retrieval
(trojan.rules)
Pro:
2837597 - ETPRO TROJAN Win32/Dunihi/Houdini/H-Worm Variant Checkin
(trojan.rules)
2837598 - ETPRO TROJAN Win32/Dunihi/Houdini/H-Worm Config Inbound
(trojan.rules)
2837599 - ETPRO TROJAN Win32/Dunihi/Houdini/H-Worm Miner Activity
(trojan.rules)
2837600 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837601 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-07-19) (current_events.rules)
2837602 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2019-07-19
(current_events.rules)
2837603 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-19 1) (trojan.rules)
2837604 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-19 2) (trojan.rules)
2837605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-19 3) (trojan.rules)
2837606 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-07-19
(current_events.rules)
2837607 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-19
(current_events.rules)
2837608 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-19 (current_events.rules)
2837609 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-19 (current_events.rules)
2837610 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-07-19
(current_events.rules)
2837611 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-07-19
(current_events.rules)
2837612 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-07-19 (current_events.rules)
2837613 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-07-19 (current_events.rules)
2837614 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2019-07-19
(current_events.rules)
[///] Modified active rules: [///]
2017994 - ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
(trojan.rules)
[---] Disabled and modified rules: [---]
2837196 - ETPRO MOBILE_MALWARE Android/Hiddad.FCD Checkin 2
(mobile_malware.rules)