[Emerging-updates] Daily Ruleset Update Summary 2019/11/05

Jason Williams jwilliams at emergingthreats.net
Tue Nov 5 14:15:28 HST 2019


[***]            Summary:            [***]

  8 new Open, 26 new Pro (8 + 18). Capesand EK, Ryuk, Satan Ransomware
Variant, VARIOUS Phish.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2028937 - ET CURRENT_EVENTS Capesand EK Landing (current_events.rules)
  2028938 - ET CURRENT_EVENTS PluginDetect Observed - Possible EK Activity
(current_events.rules)
  2028939 - ET CURRENT_EVENTS Capesand EK Visitor Tracking
(current_events.rules)
  2028940 - ET CURRENT_EVENTS Possible MSFVenom Exploit via Browser
(current_events.rules)
  2028941 - ET CURRENT_EVENTS Powershell Download Command Observed within
Flash File - Probable EK Activity (current_events.rules)
  2028942 - ET P2P FFTorrent P2P Client User-Agent (FFTorrent/x.x.x)
(p2p.rules)
  2028943 - ET TROJAN Ryuk Wake-on-LAN Packet Observed (trojan.rules)
  2028944 - ET TROJAN Observed Malicious SSL Cert (Turla CnC) (trojan.rules)

 Pro:

  2839224 - ETPRO CURRENT_EVENTS Successful Sparda Bank Phish 2019-11-05
(current_events.rules)
  2839225 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-11-05 (current_events.rules)
  2839226 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-11-05
(current_events.rules)
  2839227 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-11-05
(current_events.rules)
  2839228 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-11-05
(current_events.rules)
  2839229 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2019-11-05
(current_events.rules)
  2839230 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
2019-11-05 (current_events.rules)
  2839231 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-11-05
(current_events.rules)
  2839232 - ETPRO CURRENT_EVENTS Successful Outlook  Phish 2019-11-05
(current_events.rules)
  2839233 - ETPRO CURRENT_EVENTS Successful Generic Email Validation Phish
2019-11-05 (current_events.rules)
  2839234 - ETPRO CURRENT_EVENTS Successful Standard Bank Phish 2019-11-05
(current_events.rules)
  2839235 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware Encryption
Process Start (trojan.rules)
  2839236 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware Encryption
Bak Status (trojan.rules)
  2839237 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware Encryption
DB Status (trojan.rules)
  2839238 - ETPRO TROJAN Blackmoon CnC Activity (trojan.rules)
  2839239 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
  2839240 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2839241 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-11-05) (trojan.rules)

 [---]         Removed rules:         [---]

  2028923 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query
(trojan.rules)