[Emerging-updates] Daily Ruleset Update Summary 2019/10/31

James Emery-Callcott jcallcott at emergingthreats.net
Thu Oct 31 16:51:02 HDT 2019


[***]            Summary:            [***]

  11 new Open, 16 new Pro (11 + 5).  Unk/LNKR, MSIL.L4L, StrongPity,
Various Android.

  Thanks Travis Green and the 2019 Suricon Threat Hunting Class.

  We have a blog up now outlining the new Suricata 5.0 ruleset information
as well as information regarding our upcoming plans to EOL rule support for
Suricata 2.0/3.0 Rulesets.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2028921 - ET TROJAN Kimsuky CnC Domain Observed in DNS Query (trojan.rules)
  2028922 - ET TROJAN Kimsuky CnC Domain Observed in DNS Query (trojan.rules)
  2028923 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
  2028924 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
  2028925 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
  2028926 - ET TROJAN Observed Malicious SSL Cert (StrongPity CnC) (trojan.rules)
  2028927 - ET MALWARE StrongPity CnC Domain Observed in DNS Query (malware.rules)
  2028928 - ET EXPLOIT VMware VeloCloud Authorization Bypass (CVE-2019-5533) (exploit.rules)
  2028929 - ET TROJAN MSIL.L4L Stealer IP Check (trojan.rules)
  2028930 - ET TROJAN MSIL.L4L Stealer Screenshot Exfiltration (trojan.rules)
  2028931 - ET TROJAN MSIL.L4L Stealer Systeminfo Exfiltration (trojan.rules)

Pro:

  2839153 - ETPRO POLICY Suspicious Double Accept HTTP Header Value (policy.rules)
  2839154 - ETPRO MOBILE_MALWARE Riskware.Android.Wooboo.cthjxd Reporting Device Details (mobile_malware.rules)
  2839155 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.LV CnC Beacon (mobile_malware.rules)
  2839156 - ETPRO MOBILE_MALWARE Trojan.Android.SystemMonitor.eeirqa CnC Beacon (mobile_malware.rules)
  2839157 - ETPRO MOBILE_MALWARE Android/Triada.GY Checkin (mobile_malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team