[Emerging-updates] Daily Ruleset Update Summary 2019/11/26

Jason Williams jwilliams at emergingthreats.net
Tue Nov 26 13:54:51 HST 2019


[***]            Summary:            [***]

  6 new Open, 33 new Pro (6 + 27).  Beapy, FCScanner, SageRunex, Various Phish.

  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2029053 - ET TROJAN SSL/TLS Certificate Observed (Various Crimeware) (trojan.rules)
  2029054 - ET SCAN Zmap User-Agent (zgrab) (scan.rules)
  2029055 - ET MALWARE Win32/Adware.Adposhel.A Checkin M6 (malware.rules)
  2029056 - ET TROJAN Win32/Beapy CnC Domain in DNS Lookup (trojan.rules)
  2029057 - ET TROJAN Win32/Beapy CnC Domain in DNS Lookup (trojan.rules)
  2029058 - ET TROJAN Win32/Beapy CnC Domain in DNS Lookup (trojan.rules)

 Pro:

  2835191 - ETPRO INFO Suspicious Pomf Filesharing Domain in DNS Lookup (info.rules)
  2839626 - ETPRO TROJAN Win32/SageRunex CnC Activity (trojan.rules)
  2839627 - ETPRO TROJAN Observed Malicious SSL Cert (PoshAdvisor CnC) (trojan.rules)
  2839628 - ETPRO TROJAN ELF/FCScanner CnC Checkin (trojan.rules)
  2839629 - ETPRO TROJAN ELF/FCScanner CnC Response (trojan.rules)
  2839630 - ETPRO TROJAN Observed Get2 CnC Domain in DNS Query (trojan.rules)
  2839631 - ETPRO TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
  2839632 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-11-26) (trojan.rules)
  2839633 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-25 1) (trojan.rules)
  2839634 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-25 2) (trojan.rules)
  2839635 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-25 3) (trojan.rules)
  2839636 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-25 4) (trojan.rules)
  2839637 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-11-26 (current_events.rules)
  2839639 - ETPRO CURRENT_EVENTS Successful Pagseguro UOL Phish 2019-11-26 (current_events.rules)
  2839640 - ETPRO CURRENT_EVENTS Successful Pagseguro UOL Phish 2019-11-26 (current_events.rules)
  2839641 - ETPRO CURRENT_EVENTS Successful BCP Phish 2019-11-26 (current_events.rules)
  2839642 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-26 (current_events.rules)
  2839643 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-11-26 (current_events.rules)
  2839644 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-11-26 (current_events.rules)
  2839645 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2839646 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
  2839647 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2839648 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
  2839649 - ETPRO TROJAN Win32/Chapak Downloader Activity (trojan.rules)
  2839651 - ETPRO TROJAN Win32/Remcos RAT Checkin 262 (trojan.rules)
  2839652 - ETPRO TROJAN Win32/Remcos RAT Checkin 263 (trojan.rules)
  2839653 - ETPRO TROJAN Zeropadypt/Limbo/Ouroboros Ransomware CnC Checkin M3 (trojan.rules)

[---]         Removed rules:         [---]

  2835191 - ETPRO TROJAN Orcus RAT Dropper Domain in DNS Lookup (trojan.rules)