[Emerging-updates] Daily Ruleset Update Summary 2019/11/20

James Emery-Callcott jcallcott at emergingthreats.net
Wed Nov 20 14:31:12 HST 2019


[***]            Summary:            [***]

  10 new Open, 25 new Pro (10 + 15).  Lemon_Duck, OSX/Nukesped, Remcos,
Various Phish.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029005 - ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC) (trojan.rules)
  2029006 - ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC) (trojan.rules)
  2029007 - ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC) (trojan.rules)
  2029008 - ET WEB_SERVER JAWS Webserver Unauthenticated Shell Command Execution (web_server.rules)
  2029009 - ET INFO Generic IOT Downloader Malware in POST (Outbound) (info.rules)
  2029010 - ET INFO Generic IOT Downloader Malware in GET (Outbound) (info.rules)
  2029011 - ET INFO Generic IOT Downloader Malware in POST (Inbound) (info.rules)
  2029012 - ET INFO Generic IOT Downloader Malware in GET (Inbound) (info.rules)
  2029013 - ET TROJAN Lemon_Duck Powershell - Install Tracking (trojan.rules)
  2029014 - ET TROJAN Lemon_Duck Powershell - RDP Credential Exfil (trojan.rules)

Pro:

  2812183 - ETPRO INFO ZIP file embedded in JPG (info.rules)
  2839523 - ETPRO TROJAN Win32/Metamorfo Style CnC Activity (trojan.rules)
  2839524 - ETPRO TROJAN Observed Ursnif CnC Domain in TLS SNI (trojan.rules)
  2839525 - ETPRO MALWARE Win32/Weiduan.E Reporting System Information (malware.rules)
  2839526 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-19 1) (trojan.rules)
  2839527 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-19 2) (trojan.rules)
  2839528 - ETPRO CURRENT_EVENTS Successful BCP Phish 2019-11-20 (current_events.rules)
  2839529 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-20 (current_events.rules)
  2839530 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20 (current_events.rules)
  2839531 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20 (current_events.rules)
  2839532 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-20 (current_events.rules)
  2839533 - ETPRO TROJAN Lemon_Duck Powershell - Malware Checkin (trojan.rules)
  2839534 - ETPRO TROJAN Lemon_Duck Powershell - Observed User-Agent (trojan.rules)
  2839535 - ETPRO TROJAN Win32/Remcos RAT Checkin 254 (trojan.rules)
  2839536 - ETPRO TROJAN Win32/Remcos RAT Checkin 255 (trojan.rules)

[///]     Modified active rules:     [///]

  2003492 - ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (info.rules)
  2832502 - ETPRO CURRENT_EVENTS PowerShell Decoding Potential Stage 2 (current_events.rules)
  2839245 - ETPRO CURRENT_EVENTS Successful Wayne State University Phish 2019-11-06 (current_events.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team