[Emerging-updates] Daily Ruleset Update Summary 2019/03/06
Jack Mott
jmott at emergingthreats.net
Wed Mar 6 15:41:04 HST 2019
[***] Summary: [***]
18 new Open, 69 new Pro (18 + 51). Py/MechaFlounder, FinderBot, SkidRAT Botnet, Various SSL, Mirai, Various Phishing.
[+++] Added rules: [+++]
Open:
2027046 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-03-06 (current_events.rules)
2027047 - ET TROJAN Py/MechaFlounder CnC Checkin (trojan.rules)
2027048 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Sleep Command Success (trojan.rules)
2027049 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Download Command Success (trojan.rules)
2027050 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Download Command Error (trojan.rules)
2027051 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Upload Command Success (trojan.rules)
2027052 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Upload Command Error (trojan.rules)
2027053 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Directory Change Command Success (trojan.rules)
2027054 - ET TROJAN Chafer CnC DNS Query (trojan.rules)
2027055 - ET TROJAN Chafer CnC DNS Query (trojan.rules)
2027056 - ET TROJAN Sidewinder CnC DNS Query (trojan.rules)
2027057 - ET TROJAN MSIL/SkidRat CnC Checkin M1 (trojan.rules)
2027058 - ET TROJAN FIN6 StealerOne CnC Domain in SNI (trojan.rules)
2027059 - ET TROJAN FIN6 StealerOne CnC DNS Query (trojan.rules)
2027060 - ET USER_AGENTS MSIL/SkidRat User-Agent Observed (user_agents.rules)
2027061 - ET TROJAN MSIL/SkidRat CnC Checkin M2 (trojan.rules)
2027062 - ET TROJAN MSIL/SkidRat CnC Checkin M3 (trojan.rules)
2027063 - ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) (exploit.rules)
Pro:
2835175 - ETPRO MOBILE_MALWARE Android/Hiddad.FU Checkin (mobile_malware.rules)
2835176 - ETPRO MOBILE_MALWARE Android.Trojan-Downloader.Agent.bj Checkin (mobile_malware.rules)
2835177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 1) (trojan.rules)
2835178 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 2) (trojan.rules)
2835179 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 3) (trojan.rules)
2835180 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 4) (trojan.rules)
2835181 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 5) (trojan.rules)
2835182 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 6) (trojan.rules)
2835183 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 7) (trojan.rules)
2835184 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 8) (trojan.rules)
2835185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 9) (trojan.rules)
2835186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 10) (trojan.rules)
2835187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 11) (trojan.rules)
2835188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 12) (trojan.rules)
2835189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 13) (trojan.rules)
2835190 - ETPRO TROJAN Win32/Pterodo.NG Checkin (trojan.rules)
2835191 - ETPRO CURRENT_EVENTS Orcus RAT Dropper Domain in DNS Lookup (current_events.rules)
2835192 - ETPRO CURRENT_EVENTS Orcus RAT Dropper Domain in TLS SNI (current_events.rules)
2835193 - ETPRO POLICY Observed SSL Cert (External IP Lookup (www.myexternalip .com)) (policy.rules)
2835194 - ETPRO POLICY Observed SSL Cert (External IP Lookup (whatsmyip .net)) (policy.rules)
2835195 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check 4 (trojan.rules)
2835196 - ETPRO POLICY Observed External IP Check (whatsmyip .net) (policy.rules)
2835197 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC) (trojan.rules)
2835198 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835199 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2835200 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2835201 - ETPRO CURRENT_EVENTS Successful Landesbank Berlin Phish 2019-03-06 (current_events.rules)
2835202 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-03-06 (current_events.rules)
2835203 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-06 (current_events.rules)
2835204 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-03-06 (current_events.rules)
2835205 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-03-06 (current_events.rules)
2835206 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-03-06 (current_events.rules)
2835207 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-06 (current_events.rules)
2835208 - ETPRO CURRENT_EVENTS Successful Emirates NBD Bank Phish 2019-03-06 (current_events.rules)
2835209 - ETPRO CURRENT_EVENTS Successful Banco de Oro Phish 2019-03-06 (current_events.rules)
2835210 - ETPRO CURRENT_EVENTS Successful Banco de Oro Phish 2019-03-06 (current_events.rules)
2835211 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-06 (current_events.rules)
2835212 - ETPRO CURRENT_EVENTS Successful Exchange Email Settings Phish 2019-03-06 (current_events.rules)
2835213 - ETPRO TROJAN Win32/Vake.D Requesting Payload (trojan.rules)
2835214 - ETPRO MALWARE ReimagePlus PUA Checkin M1 (malware.rules)
2835215 - ETPRO MALWARE ReimagePlus PUA Checkin M2 (malware.rules)
2835216 - ETPRO TROJAN Win32/Agent.RNS Requesting New Payload CnC Address (trojan.rules)
2835217 - ETPRO TROJAN Win32/Agent.RNS Requesting Payload (trojan.rules)
2835218 - ETPRO USER_AGENTS ELF/Mirai Hotaru Variant User-Agent (user_agents.rules)
2835219 - ETPRO USER_AGENTS ELF/Mirai OKANE Variant User-Agent (user_agents.rules)
2835220 - ETPRO USER_AGENTS ELF/Mirai Sefa Variant User-Agent (user_agents.rules)
2835221 - ETPRO EXPLOIT D-LINK Router DSL-2750B RCE M2 - Outbound (metasploit version) (exploit.rules)
2835222 - ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) (exploit.rules)
2835223 - ETPRO EXPLOIT AVTECH IP Camera Unauthenticated CGI Dir Vulnerability - Outbound (exploit.rules)
2835224 - ETPRO USER_AGENTS ELF/Mirai LMAO Variant User-Agent (user_agents.rules)
2835225 - ETPRO USER_AGENTS ELF/Mirai Solstice Variant User-Agent (user_agents.rules)
[///] Modified active rules: [///]
2018856 - ET TROJAN Windows executable base64 encoded (trojan.rules)
2026563 - ET TROJAN MSIL/KeyRedirEx Banker Receiving Redirect/Inject List (trojan.rules)
2824368 - ETPRO TROJAN Oilrig/Chafer Dev VBS Checkin (trojan.rules)