[Emerging-updates] Daily Ruleset Update Summary 2019/11/21

Brandon Murphy bmurphy at emergingthreats.net
Thu Nov 21 15:17:57 HST 2019


[***]            Summary:            [***]

  37 new Open, 64 new Pro (37 + 27).  ELF/Roboto, Ursnif, Dreambot,
ServHelper, Various Phish.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

 2029015 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029016 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029017 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029018 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029019 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029020 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029021 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029022 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029023 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029024 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029025 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029026 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
 2029027 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029028 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029029 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029030 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029031 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029032 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029033 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029034 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029035 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029036 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029037 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029038 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
 2029039 - ET TROJAN MuddyWater Payload - CnC Checkin (trojan.rules)
 2029040 - ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1 (trojan.rules)
 2029041 - ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2 (trojan.rules)
 2029042 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 1 (trojan.rules)
 2029043 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 2 (trojan.rules)
 2029044 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 3 (trojan.rules)
 2029045 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 4 (trojan.rules)
 2029046 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 5 (trojan.rules)
 2029047 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
 2029048 - ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC) (trojan.rules)
 2029049 - ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC) (trojan.rules)
 2029050 - ET TROJAN Observed Malicious SSL Cert (Possible Godlua CnC) (trojan.rules)
 2029051 - ET POLICY Observed SSL Cert (DoH Service) (policy.rules)

Pro:

 2839539 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 1) (trojan.rules)
 2839540 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 2) (trojan.rules)
 2839541 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 3) (trojan.rules)
 2839542 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2019-11-21 (current_events.rules)
 2839543 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-11-21 (current_events.rules)
 2839544 - ETPRO CURRENT_EVENTS Successful Binance Phish 2019-11-21 (current_events.rules)
 2839545 - ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21 (current_events.rules)
 2839546 - ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21 (current_events.rules)
 2839547 - ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21 (current_events.rules)
 2839548 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2019-11-21 (current_events.rules)
 2839549 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (aef4f) (current_events.rules)
 2839550 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC) (trojan.rules)
 2839551 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC) (trojan.rules)
 2839552 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC) (trojan.rules)
 2839553 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
 2839554 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
 2839555 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
 2839556 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
 2839557 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
 2839558 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
 2839559 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
 2839560 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
 2839561 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
 2839562 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
 2839563 - ETPRO TROJAN Win32/AD.CoinLoader CnC Checkin (trojan.rules)
 2839564 - ETPRO MALWARE Win32/ZetaGames.A Checkin (malware.rules)
 2839571 - ETPRO TROJAN Win32/Remcos RAT Checkin 256 (trojan.rules)


[///]     Modified active rules:     [///]

 2011588 - ET TROJAN Zeus Bot Connectivity Check (trojan.rules)
 2017938 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 13 (trojan.rules)
 2027120 - ET TROJAN ELF/Mirai Variant UA Inbound (Rift) (trojan.rules)
 2027122 - ET TROJAN ELF/Mirai Variant UA Inbound (Tsunami) (trojan.rules)
 2027124 - ET TROJAN ELF/Mirai Variant UA Inbound (Yowai) (trojan.rules)
 2027126 - ET TROJAN ELF/Mirai Variant UA Inbound (Yakuza) (trojan.rules)
 2027128 - ET TROJAN ELF/Mirai Variant UA Inbound (Hentai) (trojan.rules)
 2027130 - ET TROJAN ELF/Mirai Variant UA Inbound (lessie) (trojan.rules)
 2027132 - ET TROJAN ELF/Mirai Variant UA Inbound (Cakle) (trojan.rules)
 2027134 - ET TROJAN ELF/Mirai Variant UA Inbound (Damien) (trojan.rules)
 2027136 - ET TROJAN ELF/Mirai Variant UA Inbound (Solar) (trojan.rules)
 2027138 - ET TROJAN ELF/Mirai Variant UA Inbound (muhstik) (trojan.rules)
 2027140 - ET TROJAN ELF/Mirai Variant UA Inbound (Shaolin) (trojan.rules)
 2028989 - ET TROJAN ELF/Mirai Variant UA Outbound (ph0ne) (trojan.rules)
 2028990 - ET TROJAN ELF/Mirai Variant UA Outbound (Ouija_x.86) (trojan.rules)
 2029013 - ET TROJAN Lemon_Duck Powershell - Install Tracking (trojan.rules)
 2807685 - ETPRO TROJAN Win32/Meredrop CnC (OUTBOUND) (trojan.rules)
 2839239 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
 2839240 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
 2839468 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (ph0ne) (trojan.rules)
 2839469 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (Ouija_x.86) (trojan.rules)
 2839514 - ETPRO TROJAN W32/Kanatara CnC Activity (trojan.rules)

[///]    Modified inactive rules:    [///]

 2804953 - ETPRO TROJAN Hupigon.68562 Checkin (trojan.rules)

[---]         Disabled rules:        [---]

 2007917 - ET TROJAN Dropper-497 (Yumato) Initial Checkin (trojan.rules)