List: emerging-updates
Subject: [Emerging-updates] Daily Ruleset Update Summary 2019/12/30
From: Jack Mott <jmott () emergingthreats ! net>
Date: 2019-12-31 0:41:54
Message-ID: CAHHK96GeYn3_2coJk_EgxiyEOkwbwtF2ZOrvxd_svQr9m_TEAQ () mail ! gmail ! com
[***] Summary: [***]

9 new Open, 30 new Pro (9 + 21). CVE-2019-19781, Dark Nexus, Win32/Namoo, Remcos and Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2029203 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2029204 - ET TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
2029205 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules)
2029207 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection (CVE-2019-7256) (exploit.rules)
2029208 - ET SCAN Dark Nexus IoT Variant User-Agent (Inbound) (scan.rules)
2029209 - ET TROJAN Dark Nexus IoT Variant User-Agent (Outbound) (trojan.rules)
2029210 - ET MALWARE Win32/DownloadAssistant.Q Variant Checkin (malware.rules)
2029211 - ET MALWARE Win32/DownloadAssistant.G Variant Error Report (malware.rules)

Pro:

2840142 - ETPRO TROJAN Win32/BlackNET CnC Checkin M2 (trojan.rules)
2840143 - ETPRO TROJAN Win32/Hawkeye ReBorn Stealer Style Screenshot Upload (trojan.rules)
2840144 - ETPRO CURRENT_EVENTS MalDoc Retrieving Evil exe/msi/doc M2 (current_events.rules)
2840145 - ETPRO TROJAN Win32/Unk.Stealer Browser Passwords Exfil (trojan.rules)
2840146 - ETPRO TROJAN Win32/Unk.Stealer Screenshot Exfil (trojan.rules)
2840147 - ETPRO TROJAN Win32/Unk.Stealer Clipboard Data Exfil (trojan.rules)
2840148 - ETPRO TROJAN Win32/Namoo CnC Initial Host Checkin (trojan.rules)
2840149 - ETPRO TROJAN Win32/Namoo CnC Activity (trojan.rules)
2840150 - ETPRO TROJAN Possible Win32/Namoo CnC Activity Response (trojan.rules)
2840151 - ETPRO TROJAN Win32/Unk.Spambot (trojan.rules)
2840152 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-30 (current_events.rules)
2840153 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-12-30 (current_events.rules)
2840154 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-12-30 (current_events.rules)
2840155 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-12-30 (current_events.rules)
2840156 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-12-30 (current_events.rules)
2840157 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2019-12-30 (current_events.rules)
2840158 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-12-30 (current_events.rules)
2840159 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-30 (current_events.rules)
2840160 - ETPRO TROJAN Shasaizi CnC Host Checkin (trojan.rules)
2840161 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-30 (current_events.rules)
2840162 - ETPRO TROJAN Win32/Remcos RAT Checkin 294 (trojan.rules)
_______________________________________________
Emerging-updates mailing list
Emerging-updates@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-updates