[Emerging-updates] Daily Ruleset Update Summary 2019/03/26

Travis Green tgreen at emergingthreats.net
Tue Mar 26 13:39:41 HDT 2019


[***]            Summary:            [***]

1 new Open, 20 new Pro (1 + 19). MSIL/Sakari Stealer, W32/Plagiator.A,
AirLink101 Command Injection, TUTOS 1.3 RCE, Various Phishing.


[+++]          Added rules:          [+++]

2027117 - ET TROJAN Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration (trojan.rules)
2835542 - ETPRO TROJAN MSIL/Sakari Stealer CnC Checkin (trojan.rules)
2835543 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-26 1) (trojan.rules)
2835544 - ETPRO TROJAN W32/Plagiator.A Stealer Checkin (trojan.rules)
2835545 - ETPRO EXPLOIT AirLink101 SkyIPCam1620W OS Command Injection Attempt (exploit.rules)
2835546 - ETPRO EXPLOIT TUTOS 1.3 Remote Command Execution Attempt (exploit.rules)
2835547 - ETPRO POLICY Observed External IP Lookup Domain (freegeoip .app in TLS SNI) (policy.rules)
2835548 - ETPRO POLICY Observed DNS Query to External IP Lookup Domain (freegeoip .app) (policy.rules)
2835549 - ETPRO POLICY Observed Roblox User-Agent (Roblox/WinInet) (policy.rules)
2835550 - ETPRO TROJAN Chalkkin Miner Requesting Commands/Params (trojan.rules)
2835551 - ETPRO TROJAN Observed SmokeLoader Style Connectivity Check (trojan.rules)
2835552 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835553 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835554 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
2835555 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-26 (current_events.rules)
2835556 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-26 (current_events.rules)
2835557 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-03-26 (current_events.rules)
2835558 - ETPRO CURRENT_EVENTS Successful Discover Phish 2019-03-26 (current_events.rules)
2835559 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-26 (current_events.rules)
2835560 - ETPRO CURRENT_EVENTS Successful Network Solutions Phish 2019-03-26 (current_events.rules)


-- 
PGP:
travisgreen.net/tgreen at emergingthreats.net.asc
travisgreen.net/travis at travisgreen.net.asc

