[Emerging-updates] Daily Ruleset Update Summary 2019/07/31

Jason Williams jwilliams at emergingthreats.net
Wed Jul 31 13:51:46 HDT 2019


[***]            Summary:            [***]

  2 new Open, 22 new Pro (2 + 20). Phorpiex, Origin Logger, Ursnif, Remcos, Various Phish.

  Thanks @James_inthe_box, Duane Howard

  Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2027766 - ET POLICY Windows Update P2P Activity (policy.rules)
  2027769 - ET TROJAN Win32/Phorpiex Template 5 Active - Outbound Malicious Email Spam (trojan.rules)

 Pro:

  2837781 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dr Checkin (mobile_malware.rules)
  2837782 - ETPRO TROJAN Win32/Origin Logger SMTP Exfil (trojan.rules)
  2837784 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.typ Checkin (mobile_malware.rules)
  2837785 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-31 1) (trojan.rules)
  2837786 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-31 2) (trojan.rules)
  2837787 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-31 3) (trojan.rules)
  2837788 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-31 4) (trojan.rules)
  2837789 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-07-31 (current_events.rules)
  2837790 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-31 (current_events.rules)
  2837791 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish 2019-07-31 (current_events.rules)
  2837792 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
  2837793 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
  2837794 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
  2837795 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC) (trojan.rules)
  2837796 - ETPRO TROJAN Win32/Remcos RAT Checkin 116 (trojan.rules)
  2837797 - ETPRO TROJAN Win32/Remcos RAT Checkin 117 (trojan.rules)
  2837798 - ETPRO TROJAN Win32/Remcos RAT Checkin 118 (trojan.rules)
  2837799 - ETPRO TROJAN Win32/Remcos RAT Checkin 119 (trojan.rules)
  2837800 - ETPRO TROJAN Win32/Phorpiex CnC Checkin (trojan.rules)
  2837801 - ETPRO TROJAN Observed Malicious SSL Cert (SONE CnC) (trojan.rules)

 [///]     Modified active rules:     [///]

  2008038 - ET MALWARE Suspicious User-Agent (Mozilla/4.0 (compatible ICS)) (malware.rules)
  2013220 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.8866.org (info.rules)
  2020029 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 2 (trojan.rules)
  2823335 - ETPRO TROJAN Nanocore Checkin Pattern (set) 2 (trojan.rules)
  2823336 - ETPRO TROJAN Nanocore Checkin Pattern (set) 4 (trojan.rules)
  2823338 - ETPRO TROJAN Nanocore Checkin Pattern (set) 3 (trojan.rules)
  2833617 - ETPRO TROJAN Win32/Phorpiex Template 2 Active - Outbound Malicious Email Spam (trojan.rules)
  2836270 - ETPRO TROJAN QuasarRAT C2 Init (trojan.rules)