[Emerging-updates] Daily Ruleset Update Summary 2019/10/17

Jack Mott jmott at emergingthreats.net
Thu Oct 17 15:12:20 HDT 2019


[***]            Summary:            [***]

22 new Open, 35 new Pro (22 + 13).  Various Duke DNS Domains, APT 41,
TinyNuke, CoinMiners, Various Phishing.

We have a blog up now outlining the new Suricata 5.0 ruleset information as
well as information regarding our upcoming plans to EOL rule support for
Suricata 2.0/3.0 Rulesets.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028843 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028844 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028845 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028846 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028847 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028848 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028849 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028850 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028851 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028852 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028853 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028854 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
  2028855 - ET TROJAN MiniDuke Domain Observed (trojan.rules)
  2028856 - ET TROJAN MiniDuke Domain Observed (trojan.rules)
  2028857 - ET TROJAN FatDuke Domain Observed (trojan.rules)
  2028858 - ET TROJAN FatDuke Domain Observed (trojan.rules)
  2028859 - ET TROJAN FatDuke Domain Observed (trojan.rules)
  2028860 - ET TROJAN FatDuke Domain Observed (trojan.rules)
  2028861 - ET TROJAN FatDuke Domain Observed (trojan.rules)
  2028862 - ET TROJAN LiteDuke Domain Observed (trojan.rules)
  2028863 - ET TROJAN APT 41 LOWKEY Backdoor - Initalisation Bytes Received from CnC (trojan.rules)

Pro:

  2028864 - ET MALWARE SoftwareTracking Site - Download Report (malware.rules)
  2838973 - ETPRO TROJAN HeavenWard Keylogger Domain in DNS Lookup (trojan.rules)
  2838975 - ETPRO TROJAN Win32/TinyNuke CnC Checkin M2 (trojan.rules)
  2838976 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-16 1) (trojan.rules)
  2838977 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-16 2) (trojan.rules)
  2838978 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-10-17 (current_events.rules)
  2838979 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-10-17 (current_events.rules)
  2838980 - ETPRO CURRENT_EVENTS Successful National Bank Phish 2019-10-17 (current_events.rules)
  2838981 - ETPRO CURRENT_EVENTS Successful Woodforest National Bank Phish 2019-10-17 (current_events.rules)
  2838982 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-10-17 (current_events.rules)
  2838983 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-10-17 (current_events.rules)
  2838984 - ETPRO CURRENT_EVENTS Successful Naver Phish 2019-10-17 (current_events.rules)
  2838985 - ETPRO CURRENT_EVENTS Successful Caja Madrid Phish 2019-10-17 (current_events.rules)
  2838986 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-10-17 (current_events.rules)

[///]     Modified active rules:     [///]

  2836271 - ETPRO TROJAN Win32/QULAB Telegram Exfiltration via Proxy (trojan.rules)

[---]         Removed rules:         [---]

  2807385 - ETPRO TROJAN Win32.Hupigon Variant Payload Delivery (trojan.rules)
  2838973 - ETPRO MALWARE HeavenWard Keylogger Domain in DNS Lookup (malware.rules)