[Emerging-updates] Daily Ruleset Update Summary 2019/07/24
Jack Mott
jmott at emergingthreats.net
Wed Jul 24 13:01:13 HDT 2019
[***] Summary: [***]
3 new Open, 42 new Pro (3 + 39). Phorpiex, Win32/APosT.egz, MalDoc
Downloaders, Various Mobile, Various Phishing.
Thanks: @travisbgreen
[+++] Added rules: [+++]
Open:
2027754 - ET TROJAN LooCipher Ransomware Onion Domain (trojan.rules)
2027755 - ET USER_AGENTS Suspicious UA Observed (Quick Macros)
(user_agents.rules)
2027756 - ET TROJAN Phorpiex CnC Domain in DNS Lookup (trojan.rules)
Pro:
2837648 - ETPRO MOBILE_MALWARE Android/SmsSpy.BR!tr Contact Exfil via
SMTP (mobile_malware.rules)
2837649 - ETPRO MOBILE_MALWARE Andr/SMSSpy-DY Contact Exfil via SMTP
(mobile_malware.rules)
2837650 - ETPRO MOBILE_MALWARE AndroidOS/SmsSpy.AH Contact Exfil via SMTP
2 (mobile_malware.rules)
2837651 - ETPRO MOBILE_MALWARE Android.Styricka.GEN6212 Contact Exfil via
SMTP (mobile_malware.rules)
2837652 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-07-24) (current_events.rules)
2837664 - ETPRO TROJAN Win32/APosT.egz CnC Activity (trojan.rules)
2837665 - ETPRO TROJAN Win32/Remcos RAT Checkin 112 (trojan.rules)
2837666 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-24 1) (trojan.rules)
2837667 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-24 2) (trojan.rules)
2837668 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-07-24
(current_events.rules)
2837669 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-07-24
(current_events.rules)
2837670 - ETPRO CURRENT_EVENTS Successful TalkTalk Mail Phish 2019-07-24
(current_events.rules)
2837671 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-07-24
(current_events.rules)
2837672 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report Phish
2019-07-24 (current_events.rules)
2837673 - ETPRO CURRENT_EVENTS Successful Wells Fargon Phish 2019-07-24
(current_events.rules)
2837674 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-24 (current_events.rules)
2837675 - ETPRO CURRENT_EVENTS Successful LCL Banque et Assurance Phish
2019-07-24 (current_events.rules)
2837676 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Phish 2019-07-24
(current_events.rules)
2837677 - ETPRO TROJAN Phorpiex RC4 Encrypted Payload Inbound via HTTP
(trojan.rules)
2837678 - ETPRO MALWARE Win32/Downloader.Soft32 Checkin (malware.rules)
2837679 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837680 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837681 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837682 - ETPRO CURRENT_EVENTS MalDoc Downloader - Multiple Hex Encoded
Unescape Commands from Pastebin M2 (current_events.rules)
2837683 - ETPRO CURRENT_EVENTS MalDoc Downloader - Multiple Hex Encoded
Unescape Commands from Pastebin M1 (current_events.rules)
2837684 - ETPRO TROJAN Win32/Injector.EAHK Activity - Pastebin Data
Request (trojan.rules)
2837685 - ETPRO CURRENT_EVENTS Base64 Encoded Paste .ee url in Pastebin
(current_events.rules)
2837686 - ETPRO MALWARE Win32/Adware.Zzinfor.U Retrieving Payload Details
(malware.rules)
[///] Modified active rules: [///]
2026851 - ET TROJAN TeamBot CnC Activity (trojan.rules)
2837003 - ETPRO TROJAN MSIL/Kryptik.RKI Stealer Variant Requesting File
Types (trojan.rules)
2837057 - ETPRO TROJAN Win32/Tiggre!rfn Checkin (trojan.rules)
2837548 - ETPRO TROJAN Win32/Remcos RAT Checkin 111 (trojan.rules)