[Emerging-updates] Daily Ruleset Update Summary 2019/10/08

Brandon Murphy bmurphy at emergingthreats.net
Tue Oct 8 14:37:37 HDT 2019


[***]            Summary:            [***]

  2 new Open, 26 new Pro (2 + 24).  ZxShell, Android/Geost, DonotGroup,
Various Certs, Various Phish.

  Many signatures in the Suricata 4 and Suricata 5 ruleset had modifications to remove the use of fast_pattern:only; which does not change or impact the detection logic.
  The references to fast_pattern:only; were replaced with fast_pattern;
  See https://suricata.readthedocs.io/en/suricata-4.1.0/rules/prefilter-keywords.html#fast-pattern-only for more details.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028660 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query (trojan.rules)
  2028661 - ET MOBILE_MALWARE Android/Geost CnC Checkin (mobile_malware.rules)

Pro:

  2838808 - ETPRO TROJAN Win32/SDBbot CnC Checkin (trojan.rules)
  2838809 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838810 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838811 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-10-08) (trojan.rules)
  2838812 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-08 (current_events.rules)
  2838813 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-10-08 (current_events.rules)
  2838814 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-10-08 (current_events.rules)
  2838815 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-10-08 (current_events.rules)
  2838816 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-10-08 (current_events.rules)
  2838817 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-10-08 (current_events.rules)
  2838818 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-10-08 (current_events.rules)
  2838819 - ETPRO CURRENT_EVENTS Successful Manulife Bank Phish 2019-10-08 (current_events.rules)
  2838820 - ETPRO CURRENT_EVENTS Successful Citi Phish 2019-10-08 (current_events.rules)
  2838821 - ETPRO CURRENT_EVENTS Successful Citi Phish 2019-10-08 (current_events.rules)
  2838822 - ETPRO CURRENT_EVENTS Successful Citi Phish 2019-10-08 (current_events.rules)
  2838823 - ETPRO CURRENT_EVENTS Successful Microsoft Teams Phish 2019-10-08 (current_events.rules)
  2838824 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-10-08 (current_events.rules)
  2838825 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-08 (current_events.rules)
  2838826 - ETPRO CURRENT_EVENTS Successful AlaskaUSA Federal Credit Union Phish 2019-10-08 (current_events.rules)
  2838827 - ETPRO CURRENT_EVENTS Successful Banco Safra Phish 2019-10-08 (current_events.rules)
  2838828 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
  2838829 - ETPRO TROJAN Observed Malicious SSL Cert (TickGroup CnC) (trojan.rules)
  2838830 - ETPRO TROJAN Possible ZxShell CnC Checkin (trojan.rules)
  2838831 - ETPRO TROJAN Win32/Remcos RAT Checkin 198 (trojan.rules)