[Emerging-updates] Daily Ruleset Update Summary 2019/03/25

Travis Green tgreen at emergingthreats.net
Mon Mar 25 13:38:37 HDT 2019


[***]            Summary:            [***]

8 new Open, 31 new Pro (8 + 23). ShadowHammer, ChaseBot, StealerSFX,
Various Phishing, Various Mobile.

Thanks: James Lay


[+++]          Added rules:          [+++]

Open:

2027109 - ET TROJAN ShadowHammer DNS Lookup (trojan.rules)
2027110 - ET TROJAN Possible ShadowHammer DNS Lookup (trojan.rules)
2027111 - ET TROJAN Possible ShadowHammer DNS Lookup (trojan.rules)
2027112 - ET TROJAN MSIL/DataMilk Stealer Communicating with CnC (trojan.rules)
2027113 - ET TROJAN ChaseBot CnC Checkin (trojan.rules)
2027114 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (wallet.dat) M1 (trojan.rules)
2027115 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (wallet.dat) M2 (trojan.rules)
2027116 - ET TROJAN Observed Malicious SSL Cert (ShadowHammer CnC) (trojan.rules)

Pro:

2835519 - ETPRO MOBILE_MALWARE Android/Syringe.S Checkin (mobile_malware.rules)
2835520 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aabf Checkin (mobile_malware.rules)
2835521 - ETPRO TROJAN Win32/StealerSFX Exfiltrating Data to CnC (trojan.rules)
2835522 - ETPRO TROJAN MSIL/PWS.Agent.RCS CnC Checkin (trojan.rules)
2835523 - ETPRO MOBILE_MALWARE Android/Zippeagle Checkin (mobile_malware.rules)
2835524 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835525 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-25 (current_events.rules)
2835526 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-03-25 (current_events.rules)
2835527 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Validation Phish 2019-03-25 (current_events.rules)
2835528 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-25 (current_events.rules)
2835529 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-03-25 (current_events.rules)
2835530 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-25 (current_events.rules)
2835531 - ETPRO CURRENT_EVENTS Successful Tangerine Bank Phish 2019-03-25 (current_events.rules)
2835532 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-25 (current_events.rules)
2835533 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2019-03-25 (current_events.rules)
2835534 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-25 (current_events.rules)
2835535 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-25 (current_events.rules)
2835536 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-25 (current_events.rules)
2835537 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-25 (current_events.rules)
2835538 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-25 (current_events.rules)
2835539 - ETPRO CURRENT_EVENTS Successful AT&T Verification Phish 2019-03-25 (current_events.rules)
2835540 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-25 (current_events.rules)
2835541 - ETPRO TROJAN Possible ChaseBot CnC Response (trojan.rules)


[///]     Modified active rules:     [///]

2025224 - ET TROJAN RocketMan Win32/Drun (trojan.rules)
2026102 - ET EXPLOIT Linksys E-Series Device RCE Attempt (exploit.rules)
2026486 - ET POLICY DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2026487 - ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2027087 - ET TROJAN Win32/Dorv Stealer Exfiltrating Data to CnC (trojan.rules)
2027107 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (screenshot.) M1 (trojan.rules)
2027108 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 (trojan.rules)
2827757 - ETPRO TROJAN APT32 Win32.Denes CnC Beacon (trojan.rules)
2834933 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) (user_agents.rules)


[---]         Removed rules:         [---]

2830196 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-03-29 (current_events.rules)


-- 
PGP:
travisgreen.net/tgreen at emergingthreats.net.asc
travisgreen.net/travis at travisgreen.net.asc