[Emerging-updates] Daily Ruleset Update Summary 2019/11/25

Jason Williams jwilliams at emergingthreats.net
Mon Nov 25 14:08:24 HST 2019


[***]            Summary:            [***]

  1 new Open, 31 new Pro (1 + 30).  Cyborg, DustSquad, Remcos, Various Phish.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2029052 - ET TROJAN Cyborg Ransomware - Downloading Desktop Background (trojan.rules)

 Pro:

  2839596 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-11-25) (trojan.rules)
  2839597 - ETPRO TROJAN Malicious Request for .bin (trojan.rules)
  2839598 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-22 1) (trojan.rules)
  2839599 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-22 2) (trojan.rules)
  2839600 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-22 3) (trojan.rules)
  2839601 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (eccc8) (current_events.rules)
  2839602 - ETPRO CURRENT_EVENTS Successful Plenty of Fish Phish 2019-11-25 (current_events.rules)
  2839603 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-11-25 (current_events.rules)
  2839604 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-25 (current_events.rules)
  2839605 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-11-25 (current_events.rules)
  2839606 - ETPRO CURRENT_EVENTS Successful BECU Phish 2019-11-25 (current_events.rules)
  2839607 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-11-25 (current_events.rules)
  2839608 - ETPRO CURRENT_EVENTS Successful EMS High Speed Mail Phish 2019-11-25 (current_events.rules)
  2839609 - ETPRO CURRENT_EVENTS Successful Generic Account Recovery Phish 2019-11-25 (current_events.rules)
  2839610 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish 2019-11-25 (current_events.rules)
  2839611 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish 2019-11-25 (current_events.rules)
  2839612 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish 2019-11-25 (current_events.rules)
  2839613 - ETPRO TROJAN DustSquad/Octopus CnC Initial Check M1 (trojan.rules)
  2839614 - ETPRO TROJAN DustSquad/Octopus CnC Initial Check M2 (trojan.rules)
  2839615 - ETPRO TROJAN DustSquad/Octopus CnC Initial Server Request M1 (trojan.rules)
  2839616 - ETPRO TROJAN DustSquad/Octopus CnC Initial Server Request M2 (trojan.rules)
  2839617 - ETPRO TROJAN DustSquad/Octopus CnC Host Checkin M2 (trojan.rules)
  2839618 - ETPRO TROJAN DustSquad/Octopus CnC Host Checkin M1 (trojan.rules)
  2839619 - ETPRO TROJAN DustSquad/Octopus CnC Download (trojan.rules)
  2839620 - ETPRO TROJAN DustSquad/Octopus CnC Activity (trojan.rules)
  2839621 - ETPRO POLICY Suspicious Request for .bin with Terse Headers (policy.rules)
  2839622 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-11-25 2 Domain in TLS SNI (current_events.rules)
  2839623 - ETPRO TROJAN Win32/Remcos RAT Checkin 259 (trojan.rules)
  2839624 - ETPRO TROJAN Win32/Remcos RAT Checkin 260 (trojan.rules)
  2839625 - ETPRO TROJAN Win32/Remcos RAT Checkin 261 (trojan.rules)

[///]     Modified active rules:     [///]

  2825085 - ETPRO TROJAN Loda Logger Screenshot Request (trojan.rules)