[Emerging-updates] Daily Ruleset Update Summary 2019/03/21
Jason Williams
jwilliams at emergingthreats.net
Thu Mar 21 13:39:20 HDT 2019
[***] Summary: [***]
3 new Open, 27 new Pro (3 + 24). Android Trojans, Gozi, Coinminers, Various
Phish.
[+++] Added rules: [+++]
Open:
2027106 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request
(passwords.txt) M2 (trojan.rules)
2027107 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request
(screenshot.) M1 (trojan.rules)
2027108 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request
(screenshot.) M2 (trojan.rules)
Pro:
2835476 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Generic.C!c Checkin
(mobile_malware.rules)
2835477 - ETPRO MOBILE_MALWARE PUP Android/MoneyThief Device Location
Exfil (mobile_malware.rules)
2835478 - ETPRO MOBILE_MALWARE Android/Agent.BAS Checkin
(mobile_malware.rules)
2835479 - ETPRO MOBILE_MALWARE Android/Agent.BAS CnC Beacon
(mobile_malware.rules)
2835480 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.RLGK-5 Checkin
(mobile_malware.rules)
2835481 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-21 1) (trojan.rules)
2835482 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-03-21 2) (trojan.rules)
2835485 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2835486 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-21
(current_events.rules)
2835487 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-03-21
(current_events.rules)
2835488 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-03-21 (current_events.rules)
2835489 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish 2019-03-21
(current_events.rules)
2835490 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-03-21 (current_events.rules)
2835491 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-03-21
(current_events.rules)
2835492 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-03-21
(current_events.rules)
2835493 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-03-21
(current_events.rules)
2835494 - ETPRO CURRENT_EVENTS Successful Netbank Phish 2019-03-21
(current_events.rules)
2835495 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-03-21
(current_events.rules)
2835496 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-03-21 (current_events.rules)
2835497 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-03-21 (current_events.rules)
2835498 - ETPRO CURRENT_EVENTS Successful ASB Phish 2019-03-21
(current_events.rules)
2835499 - ETPRO CURRENT_EVENTS Successful Roundcube Webmail Phish
2019-03-21 (current_events.rules)
2835500 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC)
(trojan.rules)
2835501 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC)
(trojan.rules)
[///] Modified active rules: [///]
2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)
2026487 - ET POLICY Request for Possible Common Brand Phishing Hosted on
Legitimate Windows Service (policy.rules)
[---] Removed rules: [---]
2027106 - ET INFO Suspicious Zipped Filename in Outbound POST Request
(passwords.txt) M2 (info.rules)
2027107 - ET INFO Suspicious Zipped Filename in Outbound POST Request
(screenshot.) M1 (info.rules)
2027108 - ET INFO Suspicious Zipped Filename in Outbound POST Request
(screenshot.) M2 (info.rules)