[Emerging-updates] Daily Ruleset Update Summary 2019/10/11

Brandon Murphy bmurphy at emergingthreats.net
Fri Oct 11 15:00:35 HDT 2019


[***]            Summary:            [***]

  9 new Open, 29 new Pro (9 + 20).  Ursnif, Get2, and AZORult SSL certs,
CASHY200 DNS Sigs, Remcos, Various Phish.

  Many signatures in the Suricata 4 and Suricata 5 rulesets were
modified to remove the use of http_headers when matching against a
User-Agent. Those content matches were migrated to the http_user_agent
keyword.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Pro:

  2028666 - ET TROJAN CASHY200 Style DNS Query - Initial Hello Beacon
(trojan.rules)
  2028667 - ET TROJAN CASHY200 Style DNS Query - Sending Hostname
(trojan.rules)
  2028668 - ET TROJAN CASHY200 Style DNS Query - Sending Number of Queries
(trojan.rules)
  2028669 - ET TROJAN CASHY200 Style DNS Query - Finished Sending Results
(trojan.rules)
  2028670 - ET TROJAN CASHY200 Style DNS Query - Getting CnC Data
(trojan.rules)
  2028671 - ET TROJAN CASHY200 Style DNS Query - Sending Command Results
(trojan.rules)
  2028672 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server)
2019-10-08 (trojan.rules)
  2028673 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server)
2019-10-08 (trojan.rules)
  2028674 - ET TROJAN CASHY200 Style DNS Query - Request Command Beacon
(trojan.rules)

Open:

  2838881 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)
  2838882 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838883 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-10-11
(current_events.rules)
  2838884 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-11
(current_events.rules)
  2838885 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-11
(current_events.rules)
  2838886 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-11 (current_events.rules)
  2838887 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-11 (current_events.rules)
  2838888 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-11 (current_events.rules)
  2838889 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-11 1) (trojan.rules)
  2838890 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-11 2) (trojan.rules)
  2838891 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-10-11 3) (trojan.rules)
  2838892 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-10-11
(current_events.rules)
  2838893 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-11
(current_events.rules)
  2838894 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish
2019-10-11 (current_events.rules)
  2838895 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish
2019-10-11 (current_events.rules)
  2838896 - ETPRO CURRENT_EVENTS Successful ASB Phish 2019-10-11
(current_events.rules)
  2838897 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-10-11 (current_events.rules)
  2838898 - ETPRO TROJAN Win32/Remcos RAT Checkin 199 (trojan.rules)
  2838899 - ETPRO TROJAN Win32/Remcos RAT Checkin 200 (trojan.rules)
  2838900 - ETPRO TROJAN Win32/Remcos RAT Checkin 201 (trojan.rules)