[Emerging-updates] Daily Ruleset Update Summary 2019/03/14
James Emery-Callcott
jcallcott at emergingthreats.net
Thu Mar 14 15:23:06 HDT 2019
[***] Summary: [***]
2 new Open, 56 new Pro (2 + 54). CageyChameleon, CVE-2019-0703, Various
SSL/TLS, Various Phish.
[+++] Added rules: [+++]
Open:
2027083 - ET TROJAN Win32/Termite Agent Implant CnC Checkin (trojan.rules)
2027084 - ET TROJAN Win32/Termite Agent Implant Keep-Alive (trojan.rules)
Pro:
2835331 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Wroba.g Reporting
Infection via SMTP (mobile_malware.rules)
2835332 - ETPRO MOBILE_MALWARE Android/Wangniu Checkin
(mobile_malware.rules)
2835333 - ETPRO MOBILE_MALWARE Android/Domob.G Checkin
(mobile_malware.rules)
2835334 - ETPRO MOBILE_MALWARE Android.Monitor.SpyApp.D CnC Beacon
(mobile_malware.rules)
2835335 - ETPRO TROJAN Possible BabyShark HTA Download (trojan.rules)
2835336 - ETPRO TROJAN Receiving BabyShark HTA (trojan.rules)
2835337 - ETPRO TROJAN VBS/CageyChameleon Retrieving In-Memory Implant
(trojan.rules)
2835338 - ETPRO TROJAN VBS/CageyChameleon Receiving In-Memory Implant
(trojan.rules)
2835339 - ETPRO TROJAN VBS/CageyChameleon CnC Beacon (trojan.rules)
2835340 - ETPRO TROJAN VBS/CageyChameleon CnC Beacon (Common Malicious
Process List Construct) (trojan.rules)
2835341 - ETPRO TROJAN VBS/CageyChameleon Receiving Command (trojan.rules)
2835342 - ETPRO TROJAN VBS/CageyChameleon Retrieving Further Stage
Payload (trojan.rules)
2835343 - ETPRO TROJAN PowerShell/PowerPike CnC Beacon (trojan.rules)
2835344 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 1) (trojan.rules)
2835345 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 2) (trojan.rules)
2835346 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 3) (trojan.rules)
2835347 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 4) (trojan.rules)
2835348 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 5) (trojan.rules)
2835349 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 6) (trojan.rules)
2835350 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 7) (trojan.rules)
2835351 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 8) (trojan.rules)
2835352 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 9) (trojan.rules)
2835353 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-14 10) (trojan.rules)
2835354 - ETPRO EXPLOIT Possible CVE-2019-0703 Request SMBv1
(exploit.rules)
2835355 - ETPRO EXPLOIT Possible CVE-2019-0703 Response SMBv1
(exploit.rules)
2835356 - ETPRO EXPLOIT Possible CVE-2019-0703 Request SMBv2
(exploit.rules)
2835357 - ETPRO EXPLOIT Possible CVE-2019-0703 Response SMBv2
(exploit.rules)
2835358 - ETPRO TROJAN Unit13 Reporting Infection (trojan.rules)
2835359 - ETPRO TROJAN ELF/Tsunami.NCF IRC Checkin (trojan.rules)
2835360 - ETPRO CURRENT_EVENTS Observed EXE Request for Ursnif Payload
2018-03-14 (current_events.rules)
2835361 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835363 - ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC)
(trojan.rules)
2835364 - ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC 2)
(trojan.rules)
2835365 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-13
(current_events.rules)
2835366 - ETPRO CURRENT_EVENTS Successful CAF FR Phish 2019-03-14
(current_events.rules)
2835367 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-03-14
(current_events.rules)
2835368 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-03-14
(current_events.rules)
2835369 - ETPRO CURRENT_EVENTS Successful Booking.com Phish 2019-03-14
(current_events.rules)
2835370 - ETPRO CURRENT_EVENTS Successful Smartsheet Phish 2019-03-14
(current_events.rules)
2835371 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-14
(current_events.rules)
2835372 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-14
(current_events.rules)
2835373 - ETPRO CURRENT_EVENTS Successful Paypal Credit Card Information
Phish 2019-03-14 (current_events.rules)
2835374 - ETPRO CURRENT_EVENTS Successful Vodafone Credit Card
Information Phish 2019-03-14 (current_events.rules)
2835375 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-14
(current_events.rules)
2835376 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-03-14 (current_events.rules)
2835377 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-03-14
(current_events.rules)
2835378 - ETPRO CURRENT_EVENTS Successful Citrix Sharefile Phish
2019-03-14 (current_events.rules)
2835379 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-03-14
(current_events.rules)
2835380 - ETPRO CURRENT_EVENTS Successful Luno Phish 2019-03-14
(current_events.rules)
2835381 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Phish 2019-03-14
(current_events.rules)
2835382 - ETPRO CURRENT_EVENTS Successful Paxful Phish 2019-03-14
(current_events.rules)
2835383 - ETPRO CURRENT_EVENTS Successful Paxful Phish 2019-03-14
(current_events.rules)
2835384 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-14
(current_events.rules)
2835385 - ETPRO CURRENT_EVENTS Successful RedButton Phish 2019-03-14
(current_events.rules)
[///] Modified active rules: [///]
2831259 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.bo CnC
Beacon (mobile_malware.rules)
2832759 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload
2018-09-24 (current_events.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team