[Emerging-updates] Daily Ruleset Update Summary 2019/11/19

James Emery-Callcott jcallcott at emergingthreats.net
Mon Nov 18 14:13:38 HST 2019


[***]            Summary:            [***]

  13 new Open, 36 new Pro (13 + 23).  Pipka, Mirai, Remcos RAT, Various Phish.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028989 - ET TROJAN ELF/Mirai Variant UA Outbound (ph0ne) (trojan.rules)
  2028990 - ET TROJAN ELF/Mirai Variant UA Outbound (Ouija_x.86) (trojan.rules)
  2028991 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2028992 - ET TROJAN SuperSocialat Plugin Backdoor Code Execution Attempt (trojan.rules)
  2028993 - ET CURRENT_EVENTS Possible Pipka JS Skimmer CnC Request (current_events.rules)
  2028994 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M1 (current_events.rules)
  2028995 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M2 (current_events.rules)
  2028996 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M3 (current_events.rules)
  2028997 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M4 (current_events.rules)
  2028998 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M5 (current_events.rules)
  2028999 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M6 (current_events.rules)
  2029000 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M7 (current_events.rules)
  2029001 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC) 2019-11-18 (trojan.rules)

Pro:

  2835192 - ETPRO INFO Suspicious Pomf Filesharing Domain in TLS SNI (info.rules)
  2839453 - ETPRO TROJAN Mirai Variant Exploit Scanner User-Agent (trojan.rules)
  2839466 - ETPRO TROJAN Observed DNS Query to Get2 Domain (trojan.rules)
  2839467 - ETPRO TROJAN Observed DNS Query to Get2 Domain (trojan.rules)
  2839468 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (ph0ne) (trojan.rules)
  2839469 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (Ouija_x.86) (trojan.rules)
  2839470 - ETPRO TROJAN Win32/Agent Tesla SMTP Clipboard Exfil (trojan.rules)
  2839471 - ETPRO TROJAN Mirai Variant User-Agent (trojan.rules)
  2839472 - ETPRO TROJAN Mirai Variant User-Agent (trojan.rules)
  2839473 - ETPRO TROJAN Mirai Variant User-Agent (trojan.rules)
  2839474 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-15 1) (trojan.rules)
  2839475 - ETPRO CURRENT_EVENTS Successful Microsoft VoiceNote Phish 2019-11-18 (current_events.rules)
  2839476 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2019-11-18 (current_events.rules)
  2839477 - ETPRO CURRENT_EVENTS Successful Volksbank Phish 2019-11-18 (current_events.rules)
  2839478 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-11-18 (current_events.rules)
  2839479 - ETPRO CURRENT_EVENTS Successful My3 Phish 2019-11-18 (current_events.rules)
  2839480 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-18 (current_events.rules)
  2839481 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-18 (current_events.rules)
  2839482 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2019-11-18 (trojan.rules)
  2839483 - ETPRO TROJAN Win32/Zpevdo.A CnC Activity (trojan.rules)
  2839484 - ETPRO TROJAN Win32/Remcos RAT Checkin 250 (trojan.rules)
  2839485 - ETPRO TROJAN Win32/Remcos RAT Checkin 251 (trojan.rules)
  2839486 - ETPRO TROJAN Win32/Remcos RAT Checkin 252 (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team