[Emerging-updates] Daily Ruleset Update Summary 2019/03/18
Jason Williams
jwilliams at emergingthreats.net
Mon Mar 18 13:32:49 HDT 2019
[***] Summary: [***]
11 new Open, 43 new Pro (11 + 32). Router Vulns, GoldenAxe, Dorv Stealer,
Coinminers, Various Phish.
[+++] Added rules: [+++]
Open:
2027085 - ET TROJAN Possible Inbound PowerShell via Invoke-PSImage Stego (trojan.rules)
2027086 - ET TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
2027087 - ET TROJAN Win32/Dorv Stealer Exfiltrating Data to CnC (trojan.rules)
2027088 - ET TROJAN Win32/Dorv InfoStealer CnC DNS Query (trojan.rules)
2027089 - ET EXPLOIT Possible LG SuperSign EZ CMS 2.5 RCE (CVE-2018-17173) (exploit.rules)
2027090 - ET EXPLOIT Possible WePresent WIPG1000 OS Command Injection (exploit.rules)
2027091 - ET EXPLOIT Possible WePresent WIPG1000 File Inclusion (exploit.rules)
2027092 - ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (exploit.rules)
2027093 - ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6077) (exploit.rules)
2027094 - ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6334) (exploit.rules)
2027095 - ET EXPLOIT Possible Linksys WAP54Gv3 Remote Debug Root Shell Exploitation Attempt (exploit.rules)
Pro:
2835402 - ETPRO MOBILE_MALWARE Android/SMSreg.AMO Device Info Exfil (mobile_malware.rules)
2835404 - ETPRO TROJAN GoldenAxe Ransomware C2 (Encryption Start) (trojan.rules)
2835405 - ETPRO TROJAN GoldenAxe Ransomware C2 (Encryption Finish) (trojan.rules)
2835406 - ETPRO TROJAN MSIL.Shockk73 Flooder Checkin (trojan.rules)
2835407 - ETPRO TROJAN MSIL.Shockk73 Flooder C2 (trojan.rules)
2835408 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 1) (trojan.rules)
2835409 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 2) (trojan.rules)
2835410 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 3) (trojan.rules)
2835411 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 4) (trojan.rules)
2835412 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 5) (trojan.rules)
2835413 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 6) (trojan.rules)
2835414 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 7) (trojan.rules)
2835415 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 8) (trojan.rules)
2835416 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835418 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-03-18 (current_events.rules)
2835419 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-03-18 (current_events.rules)
2835420 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-03-18 (current_events.rules)
2835421 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-18 (current_events.rules)
2835422 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-03-18 (current_events.rules)
2835423 - ETPRO CURRENT_EVENTS Successful Emirates NBD Phish 2019-03-18 (current_events.rules)
2835424 - ETPRO CURRENT_EVENTS Successful Amegy Bank Phish 2019-03-18 (current_events.rules)
2835425 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-18 (current_events.rules)
2835426 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-03-18 (current_events.rules)
2835427 - ETPRO CURRENT_EVENTS Successful OTPbank Phish 2019-03-18 (current_events.rules)
2835428 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-18 (current_events.rules)
2835429 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-18 (current_events.rules)
2835430 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-03-18 (current_events.rules)
2835431 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-03-18 (current_events.rules)
2835432 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-18 (current_events.rules)
2835433 - ETPRO TROJAN Parasite HTTP CnC Checkin (trojan.rules)
2835434 - ETPRO INFO Inbound Batch File Creating Scheduled Task as System (info.rules)
2835435 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) (trojan.rules)
[///] Modified active rules: [///]
2006380 - ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted (policy.rules)
2006402 - ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted (policy.rules)
2010019 - ET SCAN Tomcat Web Application Manager scanning (scan.rules)
2834916 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup/APT-C-35 CnC) (trojan.rules)
2835360 - ETPRO CURRENT_EVENTS Observed EXE Request for Ursnif Payload 2019-03-14 (current_events.rules)
2835362 - ETPRO CURRENT_EVENTS MalDoc Requesting EXE Payload 2019-03-14 (current_events.rules)
2835400 - ETPRO TROJAN Win32/Emotet CnC Checkin (POST) M2 (trojan.rules)
[---] Disabled rules: [---]
2835356 - ETPRO EXPLOIT Possible CVE-2019-0703 Request SMBv2 (exploit.rules)
2835357 - ETPRO EXPLOIT Possible CVE-2019-0703 Response SMBv2 (exploit.rules)
[---] Removed rules: [---]
2833802 - ETPRO TROJAN Win32/Remcos RAT Checkin 79 (trojan.rules)