[Emerging-updates] Daily Ruleset Update Summary 2019/03/20

Jason Williams jwilliams at emergingthreats.net
Wed Mar 20 13:59:11 HDT 2019


[***]            Summary:            [***]

7 new Open, 26 new Pro (7 + 19). Ursnif, Suspicious Zip Filenames,
Coinminers, Various Phish.

 [+++]          Added rules:          [+++]

Open:

  2027102 - ET CURRENT_EVENTS Inbound JS Downloader Using Array Push Obfuscation (current_events.rules)
  2027103 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (cookies.txt) M1 (trojan.rules)
  2027104 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (cookies.txt) M2 (trojan.rules)
  2027105 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M1 (trojan.rules)
  2027106 - ET INFO Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2 (info.rules)
  2027107 - ET INFO Suspicious Zipped Filename in Outbound POST Request (screenshot.) M1 (info.rules)
  2027108 - ET INFO Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 (info.rules)

Pro:

  2835456 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.pac App List Exfil (mobile_malware.rules)
  2835457 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-20 1) (trojan.rules)
  2835458 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-20 2) (trojan.rules)
  2835459 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-20 3) (trojan.rules)
  2835460 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-20 4) (trojan.rules)
  2835462 - ETPRO TROJAN WinPack Requesting Download (trojan.rules)
  2835463 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2835464 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-03-20 (current_events.rules)
  2835465 - ETPRO CURRENT_EVENTS Successful EIR Phish 2019-03-20 (current_events.rules)
  2835466 - ETPRO CURRENT_EVENTS Successful GMX Phish 2019-03-20 (current_events.rules)
  2835467 - ETPRO CURRENT_EVENTS Successful UBS Phish 2019-03-20 (current_events.rules)
  2835468 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-03-20 (current_events.rules)
  2835469 - ETPRO CURRENT_EVENTS Successful Capital Trust Bank Phish 2019-03-20 (current_events.rules)
  2835470 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-20 (current_events.rules)
  2835471 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-03-20 (current_events.rules)
  2835472 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish 2019-03-20 (current_events.rules)
  2835473 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-20 (current_events.rules)
  2835474 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2019-03-20 (current_events.rules)
  2835475 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-20 (current_events.rules)

 [///]     Modified active rules:     [///]

  2027087 - ET TROJAN Win32/Dorv Stealer Exfiltrating Data to CnC (trojan.rules)
  2831729 - ETPRO EXPLOIT ZyXEL PK5001Z Backdoor Account Used By HNS Inbound (CVE-2016-10401) (exploit.rules)