[Emerging-updates] Daily Ruleset Update Summary 2019/10/14

Jack Mott jmott at emergingthreats.net
Mon Oct 14 16:03:33 HDT 2019


[***]            Summary:            [***]

89 new Open, 114 new Pro (89 + 25).  NOIP DynDNS, Pegasus, Mustang Panda,
JasperLoader, Remcos, Various Mobile.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028675 - ET POLICY DNS Query to DynDNS Domain *.ddns .net (policy.rules)
  2028676 - ET POLICY DNS Query to DynDNS Domain *.ddnsking .com (policy.rules)
  2028677 - ET POLICY DNS Query to DynDNS Domain *.3utilities .com (policy.rules)
  2028678 - ET POLICY DNS Query to DynDNS Domain *.bounceme .net (policy.rules)
  2028679 - ET POLICY DNS Query to DynDNS Domain *.freedynamicdns .net (policy.rules)
  2028680 - ET POLICY DNS Query to DynDNS Domain *.freedynamicdns .org (policy.rules)
  2028681 - ET POLICY DNS Query to DynDNS Domain *.hopto .org (policy.rules)
  2028684 - ET POLICY DNS Query to DynDNS Domain *.myftp .org (policy.rules)
  2028685 - ET POLICY DNS Query to DynDNS Domain *.myvnc .com (policy.rules)
  2028686 - ET POLICY DNS Query to DynDNS Domain *.onthewifi .com (policy.rules)
  2028687 - ET POLICY DNS Query to DynDNS Domain *.redirectme .net (policy.rules)
  2028688 - ET POLICY DNS Query to DynDNS Domain *.servebeer .com (policy.rules)
  2028689 - ET POLICY DNS Query to DynDNS Domain *.serveblog .net (policy.rules)
  2028690 - ET POLICY DNS Query to DynDNS Domain *.servecounterstrike .com (policy.rules)
  2028691 - ET POLICY DNS Query to DynDNS Domain *.serveftp .com (policy.rules)
  2028692 - ET POLICY DNS Query to DynDNS Domain *.servegame .com (policy.rules)
  2028693 - ET POLICY DNS Query to DynDNS Domain *.servehalflife .com (policy.rules)
  2028694 - ET POLICY DNS Query to DynDNS Domain *.servehttp .com (policy.rules)
  2028695 - ET POLICY DNS Query to DynDNS Domain *.serveirc .com (policy.rules)
  2028696 - ET POLICY DNS Query to DynDNS Domain *.serveminecraft .net (policy.rules)
  2028697 - ET POLICY DNS Query to DynDNS Domain *.servemp3 .com (policy.rules)
  2028698 - ET POLICY DNS Query to DynDNS Domain *.servepics .com (policy.rules)
  2028699 - ET POLICY DNS Query to DynDNS Domain *.servequake .com (policy.rules)
  2028701 - ET POLICY DNS Query to DynDNS Domain *.viewdns .net (policy.rules)
  2028702 - ET POLICY DNS Query to DynDNS Domain *.webhop .me (policy.rules)
  2028703 - ET POLICY DNS Query to DynDNS Domain *.zapto .org (policy.rules)
  2028704 - ET POLICY DNS Query to DynDNS Domain *.access .ly (policy.rules)
  2028705 - ET POLICY DNS Query to DynDNS Domain *.blogsyte .com (policy.rules)
  2028706 - ET POLICY DNS Query to DynDNS Domain *.brasilia .me (policy.rules)
  2028707 - ET POLICY DNS Query to DynDNS Domain *.cable-modem .org (policy.rules)
  2028708 - ET POLICY DNS Query to DynDNS Domain *.ciscofreak .com (policy.rules)
  2028709 - ET POLICY DNS Query to DynDNS Domain *.collegefan .org (policy.rules)
  2028710 - ET POLICY DNS Query to DynDNS Domain *.couchpotatofries .org (policy.rules)
  2028711 - ET POLICY DNS Query to DynDNS Domain *.damnserver .com (policy.rules)
  2028712 - ET POLICY DNS Query to DynDNS Domain *.ddns .me (policy.rules)
  2028713 - ET POLICY DNS Query to DynDNS Domain *.ditchyourip .com (policy.rules)
  2028714 - ET POLICY DNS Query to DynDNS Domain *.dnsfor .me (policy.rules)
  2028715 - ET POLICY DNS Query to DynDNS Domain *.dnsiskinky .com (policy.rules)
  2028716 - ET POLICY DNS Query to DynDNS Domain *.dvrcam .info (policy.rules)
  2028717 - ET POLICY DNS Query to DynDNS Domain *.dynns .com (policy.rules)
  2028718 - ET POLICY DNS Query to DynDNS Domain *.eating-organic .net (policy.rules)
  2028719 - ET POLICY DNS Query to DynDNS Domain *.fantasyleague .cc (policy.rules)
  2028720 - ET POLICY DNS Query to DynDNS Domain *.geekgalaxy .com (policy.rules)
  2028721 - ET POLICY DNS Query to DynDNS Domain *.golffan .us (policy.rules)
  2028722 - ET POLICY DNS Query to DynDNS Domain *.health-carereform .com (policy.rules)
  2028723 - ET POLICY DNS Query to DynDNS Domain *.homesecuritymac .com (policy.rules)
  2028724 - ET POLICY DNS Query to DynDNS Domain *.homesecuritypc .com (policy.rules)
  2028725 - ET POLICY DNS Query to DynDNS Domain *.hosthampster .com (policy.rules)
  2028726 - ET POLICY DNS Query to DynDNS Domain *.hopto .me (policy.rules)
  2028727 - ET POLICY DNS Query to DynDNS Domain *.ilovecollege .info (policy.rules)
  2028728 - ET POLICY DNS Query to DynDNS Domain *.loginto .me (policy.rules)
  2028729 - ET POLICY DNS Query to DynDNS Domain *.mlbfan .org (policy.rules)
  2028730 - ET POLICY DNS Query to DynDNS Domain *.mmafan .biz (policy.rules)
  2028731 - ET POLICY DNS Query to DynDNS Domain *.myactivedirectory .com (policy.rules)
  2028732 - ET POLICY DNS Query to DynDNS Domain *.mydissent .net (policy.rules)
  2028733 - ET POLICY DNS Query to DynDNS Domain *.myeffect .net (policy.rules)
  2028734 - ET POLICY DNS Query to DynDNS Domain *.mymediapc .net (policy.rules)
  2028735 - ET POLICY DNS Query to DynDNS Domain *.mypsx .net (policy.rules)
  2028736 - ET POLICY DNS Query to DynDNS Domain *.mysecuritycamera .com (policy.rules)
  2028737 - ET POLICY DNS Query to DynDNS Domain *.mysecuritycamera .net (policy.rules)
  2028738 - ET POLICY DNS Query to DynDNS Domain *.mysecuritycamera .org (policy.rules)
  2028739 - ET POLICY DNS Query to DynDNS Domain *.net-freaks .com (policy.rules)
  2028740 - ET POLICY DNS Query to DynDNS Domain *.nflfan .org (policy.rules)
  2028741 - ET POLICY DNS Query to DynDNS Domain *.nhlfan .net (policy.rules)
  2028742 - ET POLICY DNS Query to DynDNS Domain *.pgafan .net (policy.rules)
  2028743 - ET POLICY DNS Query to DynDNS Domain *.point2this .com (policy.rules)
  2028744 - ET POLICY DNS Query to DynDNS Domain *.pointto .us (policy.rules)
  2028745 - ET POLICY DNS Query to DynDNS Domain *.privatizehealthinsurance .net (policy.rules)
  2028746 - ET POLICY DNS Query to DynDNS Domain *.quicksytes .com (policy.rules)
  2028747 - ET POLICY DNS Query to DynDNS Domain *.read-books .org (policy.rules)
  2028748 - ET POLICY DNS Query to DynDNS Domain *.securitytactics .com (policy.rules)
  2028749 - ET POLICY DNS Query to DynDNS Domain *.serveexchange .com (policy.rules)
  2028750 - ET POLICY DNS Query to DynDNS Domain *.servehumour .com (policy.rules)
  2028751 - ET POLICY DNS Query to DynDNS Domain *.servep2p .com (policy.rules)
  2028752 - ET POLICY DNS Query to DynDNS Domain *.servesarcasm .com (policy.rules)
  2028753 - ET POLICY DNS Query to DynDNS Domain *.stufftoread .com (policy.rules)
  2028754 - ET POLICY DNS Query to DynDNS Domain *.ufcfan .org (policy.rules)
  2028755 - ET POLICY DNS Query to DynDNS Domain *.unusualperson .com (policy.rules)
  2028756 - ET POLICY DNS Query to DynDNS Domain *.workisboring .com (policy.rules)
  2028817 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
  2028818 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
  2028819 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
  2028820 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
  2028821 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
  2028822 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
  2028823 - ET TROJAN APT Mustang Panda Payload - CnC Checkin (trojan.rules)
  2028824 - ET TROJAN Observed Malicious SSL Cert (APT MustangPanda CnC) (trojan.rules)
  2028825 - ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M2 (exploit.rules)
  2028826 - ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M3 (exploit.rules)

Pro:

  2838901 - ETPRO MOBILE_MALWARE Android.Hiddad.GEN23632 CnC Beacon (mobile_malware.rules)
  2838903 - ETPRO MOBILE_MALWARE Android/HiddenApp.HG Checkin (mobile_malware.rules)
  2838904 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Necro.n Checkin (mobile_malware.rules)
  2838905 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.YVCY-5 Reporting Location/Device Info (mobile_malware.rules)
  2838906 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
  2838907 - ETPRO POLICY Observed DNS over HTTPS Domain (doh .securedns .eu in TLS SNI) (policy.rules)
  2838908 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
  2838909 - ETPRO TROJAN Win32/JasperLoader CnC Activity (trojan.rules)
  2838910 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838911 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2838912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-11 1) (trojan.rules)
  2838913 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-11 2) (trojan.rules)
  2838914 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-11 3) (trojan.rules)
  2838915 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-10-14 (current_events.rules)
  2838916 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-14 1) (trojan.rules)
  2838917 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-14 2) (trojan.rules)
  2838918 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-14 3) (trojan.rules)
  2838919 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-14 4) (trojan.rules)
  2838920 - ETPRO TROJAN APT Bisonal Payload - CnC Checkin (trojan.rules)
  2838921 - ETPRO TROJAN APT Tendrit Payload - CnC Checkin (trojan.rules)
  2838922 - ETPRO TROJAN APT Kimsuky - Reused Boundary String Observed (trojan.rules)
  2838924 - ETPRO TROJAN MedusaHTTP Variant CnC Checkin (trojan.rules)
  2838925 - ETPRO TROJAN Win32/Remcos RAT Checkin 202 (trojan.rules)
  2838926 - ETPRO TROJAN Win32/Remcos RAT Checkin 203 (trojan.rules)

[///]     Modified active rules:     [///]

  2027721 - ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability (CVE-2019-0752) (exploit.rules)
  2028621 - ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M1 (exploit.rules)
  2838703 - ETPRO TROJAN Win32/FTCode Ransomware CnC Checkin (trojan.rules)
  2838771 - ETPRO TROJAN FTCode Ransomware VBS Inbound (trojan.rules)