[Emerging-updates] Daily Ruleset Update Summary 2019/07/23

Jack Mott jmott at emergingthreats.net
Tue Jul 23 13:55:30 HDT 2019


[***]            Summary:            [***]

13 new Open, 27 new Pro (13 + 14). ShellTea, BADHATCH, Win32/F1 Loader,
Various Phishing.

 [+++]          Added rules:          [+++]

 Open:

  2027741 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027742 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027743 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027744 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027745 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027746 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027747 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027748 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027749 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027750 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027751 - ET TROJAN [GIGAMON_ATR] FIN8 BADHATCH Remote Shell Banner (trojan.rules)
  2027752 - ET TROJAN [GIGAMON_ATR] FIN8 BADHATCH CnC Checkin (trojan.rules)
  2027753 - ET TROJAN Observed Malicious SSL Cert (Various CnC) (trojan.rules)

Pro:

  2837634 - ETPRO TROJAN Win32/F1 Loader CnC Checkin (trojan.rules)
  2837635 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-23 (current_events.rules)
  2837636 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-23 (current_events.rules)
  2837637 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-07-23 (current_events.rules)
  2837638 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-23 (current_events.rules)
  2837639 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-07-23 (current_events.rules)
  2837640 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-07-23 (current_events.rules)
  2837641 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-23 1) (trojan.rules)
  2837642 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-23 2) (trojan.rules)
  2837643 - ETPRO TROJAN Worm.AutoIt/Renocide.gen!A Config Inbound (trojan.rules)
  2837644 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
  2837645 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
  2837646 - ETPRO EXPLOIT Possible NOP Sled on RDP Port (exploit.rules)
  2837647 - ETPRO POLICY HTTP Request to External IP Lookup Domain (ip1 .dynupdate .no-ip .com) (policy.rules)

 [///]     Modified active rules:     [///]

  2837617 - ETPRO TROJAN Likely Hostile DNS Query for Hex Encoded IP Address as Domain Name (trojan.rules)
  2837632 - ETPRO USER_AGENTS Win32/MegaSearch Adware Related UA (user_agents.rules)