
List:       emerging-updates
Subject:    [Emerging-updates] Daily Ruleset Update Summary 2019/12/30
From:       Jack Mott <jmott () emergingthreats ! net>
Date:       2019-12-31 0:41:54
Message-ID: CAHHK96GeYn3_2coJk_EgxiyEOkwbwtF2ZOrvxd_svQr9m_TEAQ () mail ! gmail ! com


[***]            Summary:            [***]

  9 new Open, 30 new Pro (9 + 21). CVE-2019-19781, Dark Nexus, Win32/Namoo,
Remcos and Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2029203 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2029204 - ET TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
  2029205 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller
Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules)
  2029207 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection
(CVE-2019-7256) (exploit.rules)
  2029208 - ET SCAN Dark Nexus IoT Variant User-Agent (Inbound) (scan.rules)
  2029209 - ET TROJAN Dark Nexus IoT Variant User-Agent (Outbound)
(trojan.rules)
  2029210 - ET MALWARE Win32/DownloadAssistant.Q Variant Checkin
(malware.rules)
  2029211 - ET MALWARE Win32/DownloadAssistant.G Variant Error Report
(malware.rules)

 Pro:

  2840142 - ETPRO TROJAN Win32/BlackNET CnC Checkin M2 (trojan.rules)
  2840143 - ETPRO TROJAN Win32/Hawkeye ReBorn Stealer Style Screenshot
Upload (trojan.rules)
  2840144 - ETPRO CURRENT_EVENTS MalDoc Retrieving Evil exe/msi/doc M2
(current_events.rules)
  2840145 - ETPRO TROJAN Win32/Unk.Stealer Browser Passwords Exfil
(trojan.rules)
  2840146 - ETPRO TROJAN Win32/Unk.Stealer Screenshot Exfil (trojan.rules)
  2840147 - ETPRO TROJAN Win32/Unk.Stealer Clipboard Data Exfil
(trojan.rules)
  2840148 - ETPRO TROJAN Win32/Namoo CnC Initial Host Checkin (trojan.rules)
  2840149 - ETPRO TROJAN Win32/Namoo CnC Activity (trojan.rules)
  2840150 - ETPRO TROJAN Possible Win32/Namoo CnC Activity Response
(trojan.rules)
  2840151 - ETPRO TROJAN Win32/Unk.Spambot (trojan.rules)
  2840152 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-30
(current_events.rules)
  2840153 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-12-30
(current_events.rules)
  2840154 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-12-30 (current_events.rules)
  2840155 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-12-30 (current_events.rules)
  2840156 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-12-30 (current_events.rules)
  2840157 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2019-12-30 (current_events.rules)
  2840158 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-12-30
(current_events.rules)
  2840159 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-30
(current_events.rules)
  2840160 - ETPRO TROJAN Shasaizi CnC Host Checkin (trojan.rules)
  2840161 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-30 (current_events.rules)
  2840162 - ETPRO TROJAN Win32/Remcos RAT Checkin 294 (trojan.rules)


_______________________________________________
Emerging-updates mailing list
Emerging-updates@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-updates

