[Emerging-updates] Daily Ruleset Update Summary 2019/10/22

James Emery-Callcott jcallcott at emergingthreats.net
Tue Oct 22 14:03:28 HDT 2019


[***]            Summary:            [***]

  2 new Open, 32 new Pro (2 + 30).  Remcos, Win32/Valak, PowerShell,
Various Phish.

  We have a blog up now outlining the new Suricata 5.0 ruleset information
as well as information regarding our upcoming plans to EOL rule support for
Suricata 2.0/3.0 Rulesets.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028893 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
  2028894 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08 (trojan.rules)

Pro:

  2838971 - ETPRO TROJAN Win32/Presenoker UA Observed (trojan.rules)
  2839051 - ETPRO TROJAN Win32/Unk.Loader Retrieving Payload (trojan.rules)
  2839052 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-21 1) (trojan.rules)
  2839053 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-21 2) (trojan.rules)
  2839054 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-21 3) (trojan.rules)
  2839055 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-21 4) (trojan.rules)
  2839056 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-21 5) (trojan.rules)
  2839057 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-21 6) (trojan.rules)
  2839058 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-22 (current_events.rules)
  2839059 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-10-22 (current_events.rules)
  2839060 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-10-22 (current_events.rules)
  2839061 - ETPRO CURRENT_EVENTS Successful Telekom/Tmobile Phish 2019-10-22 (current_events.rules)
  2839062 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-10-22 (current_events.rules)
  2839063 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Validation Phish 2019-10-22 (current_events.rules)
  2839064 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-10-22 (current_events.rules)
  2839065 - ETPRO CURRENT_EVENTS Successful Google Account Phish 2019-10-22 (current_events.rules)
  2839066 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-22 (current_events.rules)
  2839067 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-10-22 (current_events.rules)
  2839068 - ETPRO TROJAN PowerShell XOR Encoded In Memory Shellcode Loader Inbound (trojan.rules)
  2839069 - ETPRO TROJAN PowerShell Base64 Encoded Concat Inbound (trojan.rules)
  2839070 - ETPRO TROJAN Win32/Valak CnC Activity M1 (trojan.rules)
  2839071 - ETPRO TROJAN Win32/Valak CnC Activity M2 (trojan.rules)
  2839072 - ETPRO MALWARE Win32/Bancteian.A Variant CnC Activity (malware.rules)
  2839073 - ETPRO TROJAN Win32/Remcos RAT Checkin 218 (trojan.rules)
  2839074 - ETPRO TROJAN Win32/Remcos RAT Checkin 219 (trojan.rules)
  2839075 - ETPRO TROJAN Win32/Remcos RAT Checkin 220 (trojan.rules)
  2839076 - ETPRO TROJAN Win32/Remcos RAT Checkin 221 (trojan.rules)
  2839077 - ETPRO TROJAN Win32/Remcos RAT Checkin 222 (trojan.rules)
  2839078 - ETPRO TROJAN Win32/Remcos RAT Checkin 223 (trojan.rules)
  2839079 - ETPRO TROJAN Win32/Remcos RAT Checkin 224 (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team