[Emerging-updates] Daily Ruleset Update Summary 2019/10/29

James Emery-Callcott jcallcott at emergingthreats.net
Tue Oct 29 15:14:30 HDT 2019


[***]            Summary:            [***]

  1 new Open, 10 new Pro (1 + 9).  Netwire, PowerVBS, Iobon Ichi, Various CoinMiners.

  We have a blog up now outlining the new Suricata 5.0 ruleset information as well as information regarding our upcoming plans to EOL rule support for Suricata 2.0/3.0 Rulesets.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028918 - ET TROJAN Netwire RAT Client Check-in (socket created) (trojan.rules)

Pro:

  2839134 - ETPRO TROJAN Win32/Presenoker UA Observed (trojan.rules)
  2839144 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-28 1) (trojan.rules)
  2839145 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-28 2) (trojan.rules)
  2839146 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-28 3) (trojan.rules)
  2839147 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-28 4) (trojan.rules)
  2839148 - ETPRO TROJAN Iobon Ichi Bot CnC Checkin (trojan.rules)
  2839149 - ETPRO TROJAN Win32/PowerVBS Uploading Screenshot to CnC (trojan.rules)
  2839150 - ETPRO POLICY Possible Android App Using Fake iPhone User-Agent (policy.rules)

[///]     Modified active rules:     [///]

  2838879 - ETPRO TROJAN GrandSteal Server Response via WebSocket (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team