[Emerging-updates] Daily Ruleset Update Summary 2019/07/29
Jason Williams
jwilliams at emergingthreats.net
Mon Jul 29 13:53:09 HDT 2019
[***] Summary: [***]
3 new Open, 21 new Pro (3 + 18). Phorpiex, ICMP Tunneling, W32/Azden,
Various Phish.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2027763 - ET TROJAN Possible ICMP Backdoor Tunnel Command - whoami
(trojan.rules)
2027764 - ET CURRENT_EVENTS Successful Generic Adobe Phish 2019-07-29
(current_events.rules)
2027765 - ET POLICY External IP Lookup (extreme-ip-lookup .com)
(policy.rules)
Pro:
2837733 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-27 (current_events.rules)
2837735 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-29 1) (trojan.rules)
2837736 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-29 2) (trojan.rules)
2837737 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-29 3) (trojan.rules)
2837738 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-29 4) (trojan.rules)
2837739 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-29 5) (trojan.rules)
2837740 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-07-29
(current_events.rules)
2837741 - ETPRO CURRENT_EVENTS Successful Orange FR Phish 2019-07-29
(current_events.rules)
2837742 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-29
(current_events.rules)
2837743 - ETPRO CURRENT_EVENTS Successful GMX Phish 2019-07-29
(current_events.rules)
2837744 - ETPRO CURRENT_EVENTS Successful Generic 000webhost Phish
2019-07-29 (current_events.rules)
2837745 - ETPRO INFO Suspicious SSL Cert with Repeated Generic Values in
Cert Subject (info.rules)
2837746 - ETPRO INFO Suspicious SSL Cert with Repeated Generic Values in
Cert Issuer (info.rules)
2837747 - ETPRO TROJAN Observed Malicious SSL Cert (PoshAdvisor CnC)
(trojan.rules)
2837748 - ETPRO TROJAN Phorpiex RC4 Encrypted Payload Inbound via HTTP
(1024 signature) (trojan.rules)
2837749 - ETPRO TROJAN Phorpiex RC4 Encrypted Payload Inbound via HTTP
(2048 signature) (trojan.rules)
2837750 - ETPRO TROJAN Win32/Azden.A CnC Checkin (trojan.rules)
2837751 - ETPRO MALWARE Win32/Adposhel Adware Activity (malware.rules)
[///] Modified active rules: [///]
2801300 - ETPRO USER_AGENTS SUSPICIOUS UA Starting With IE6
(user_agents.rules)
2837677 - ETPRO TROJAN Phorpiex RC4 Encrypted Payload Inbound via HTTP
(512 signature) (trojan.rules)
[---] Disabled rules: [---]
2027759 - ET DNS Query for .co TLD (dns.rules)