[Emerging-updates] Daily Ruleset Update Summary 2019/03/07

Jack Mott jmott at emergingthreats.net
Thu Mar 7 15:20:17 HST 2019


[***]            Summary:            [***]

4 new Open, 18 new Pro (4 + 14). EarthWorm/Termite IoT Agent, Various
MalDoc, Various SSL, Various Phishing.

Thanks: AlienVault

[+++]          Added rules:          [+++]

Open:

  2027064 - ET TROJAN [AV] EarthWorm/Termite IoT Agent Reporting Infection (trojan.rules)
  2027065 - ET TROJAN EarthWorm/Termite IoT Agent CnC Response (trojan.rules)
  2027066 - ET TROJAN OSX/EvilOSX Client Receiving Commands (trojan.rules)
  2027068 - ET TROJAN Observed Malicious SSL Cert (APT32 JEShell CnC) (trojan.rules)

Pro:

  2835226 - ETPRO TROJAN MalDoc Retrieving Payload 2019-03-06 (trojan.rules)
  2835227 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2835228 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
  2835229 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
  2835230 - ETPRO CURRENT_EVENTS Successful Mweb Phish 2019-03-07 (current_events.rules)
  2835231 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-03-07 (current_events.rules)
  2835232 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-03-07 (current_events.rules)
  2835233 - ETPRO CURRENT_EVENTS Successful Generic Download Document Phish 2019-03-07 (current_events.rules)
  2835234 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Phish 2019-03-07 (current_events.rules)
  2835235 - ETPRO CURRENT_EVENTS Successful Rabobank Phish 2019-03-07 (current_events.rules)
  2835236 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-07 (current_events.rules)
  2835237 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2019-03-07 (current_events.rules)
  2835238 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-03-07 (current_events.rules)
  2835240 - ETPRO CURRENT_EVENTS MalDoc Retrieving Dridex Payload 2018-03-06 (current_events.rules)

[///]     Modified active rules:     [///]

  2027048 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Sleep Command Success (trojan.rules)