[Emerging-updates] Daily Ruleset Update Summary 2019/10/07

Brandon Murphy bmurphy at emergingthreats.net
Mon Oct 7 15:01:25 HDT 2019


[***]            Summary:            [***]

  10 new Open, 47 new Pro (10 + 37).  FTCode, Various CoinMiner, Various
Certs, Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028650 - ET USER_AGENTS Steam HTTP Client User-Agent (user_agents.rules)
  2028651 - ET USER_AGENTS Steam HTTP Client User-Agent (user_agents.rules)
  2028652 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server)
2019-10-07 (trojan.rules)
  2028653 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server)
2019-10-03 (trojan.rules)
  2028654 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server)
2019-10-03 (trojan.rules)
  2028655 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server)
2019-10-02 (trojan.rules)
  2028656 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server)
2019-10-01 (trojan.rules)
  2028657 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server)
2019-09-30 (trojan.rules)
  2028658 - ET TROJAN Observed Malicious SSL Cert (AZORult Cnc Server)
2019-09-27 (trojan.rules)
  2028659 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) in
SNI 2019-09-27 (trojan.rules)

Pro:

  2838770 - ETPRO TROJAN MalDoc Requesting FTCode Ransomware Payload
(trojan.rules)
  2838771 - ETPRO TROJAN FTCode Ransomware VBS Inbound (trojan.rules)
  2838772 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-07) (current_events.rules)
  2838773 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-04 1) (trojan.rules)
  2838774 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-04 2) (trojan.rules)
  2838775 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-10-07 (current_events.rules)
  2838776 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-07
(current_events.rules)
  2838777 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-10-07
(current_events.rules)
  2838778 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-10-07
(current_events.rules)
  2838779 - ETPRO CURRENT_EVENTS Successful Generic Security Questions
Phish 2019-10-07 (current_events.rules)
  2838780 - ETPRO CURRENT_EVENTS Successful Banorte Phish 2019-10-07
(current_events.rules)
  2838781 - ETPRO CURRENT_EVENTS Successful Knab Phish 2019-10-07
(current_events.rules)
  2838782 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2019-10-07
(current_events.rules)
  2838783 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-10-07 (current_events.rules)
  2838784 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-07
(current_events.rules)
  2838785 - ETPRO CURRENT_EVENTS Successful PostFinance Phish 2019-10-07
(current_events.rules)
  2838786 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-10-07
(current_events.rules)
  2838787 - ETPRO CURRENT_EVENTS Successful Ebay DE Phish 2019-10-07
(current_events.rules)
  2838788 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-10-07 (current_events.rules)
  2838789 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-10-07 (current_events.rules)
  2838790 - ETPRO CURRENT_EVENTS Successful Etisalat Phish 2019-10-07
(current_events.rules)
  2838791 - ETPRO CURRENT_EVENTS Successful AuOne Phish 2019-10-07
(current_events.rules)
  2838792 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-07 (current_events.rules)
  2838793 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2019-10-07
(current_events.rules)
  2838794 - ETPRO CURRENT_EVENTS Successful Desjardins/CIBC Phish
2019-10-07 (current_events.rules)
  2838795 - ETPRO CURRENT_EVENTS Successful PostFinance Phish 2019-10-07
(current_events.rules)
  2838796 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-10-07
(current_events.rules)
  2838798 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-07 1) (trojan.rules)
  2838799 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-07 2) (trojan.rules)
  2838800 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-07 3) (trojan.rules)
  2838801 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-07 4) (trojan.rules)
  2838802 - ETPRO TROJAN Inbound PowerShell - Reflective PE Loader Script
(trojan.rules)
  2838803 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-10-07
(current_events.rules)
  2838804 - ETPRO TROJAN Win32/Remcos RAT Checkin 194 (trojan.rules)
  2838805 - ETPRO TROJAN Win32/Remcos RAT Checkin 195 (trojan.rules)
  2838806 - ETPRO TROJAN Win32/Remcos RAT Checkin 196 (trojan.rules)
  2838807 - ETPRO TROJAN Win32/Remcos RAT Checkin 197 (trojan.rules)


[///]     Modified active rules:     [///]

  2008628 - ET SCAN WSFuzzer Web Application Fuzzing (scan.rules)