[Emerging-Sigs] Daily Ruleset Update Summary 2019/04/02

James Emery-Callcott jcallcott at emergingthreats.net
Tue Apr 2 13:28:36 HDT 2019


[***]            Summary:            [***]

  3 new Open, 32 new Pro (3 + 29).  Fakeslic/Cohhoc RAT, Remcos RAT,
Various SSL, Various Phish.

  Thanks, DakotaCon Threat Hunting Class.

 [+++]          Added rules:          [+++]

 Open:

  2027143 - ET CURRENT_EVENTS MalDoc Request for Payload (TA505 Related) (current_events.rules)
  2027144 - ET TROJAN Xwo CnC Activity (trojan.rules)
  2027145 - ET CURRENT_EVENTS Spelevo EK Flash Exploit Attempt (current_events.rules)

 Pro:

  2835686 - ETPRO TROJAN Fakeslic/Cohhoc RAT CnC Request (trojan.rules)
  2835687 - ETPRO POLICY External IP Lookup - jsonip.com (policy.rules)
  2835688 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-02 1) (trojan.rules)
  2835689 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-02 2) (trojan.rules)
  2835690 - ETPRO POLICY External IP Lookup - whoami.php (policy.rules)
  2835691 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2835692 - ETPRO TROJAN Win32/Malex.gen!E CnC Checkin (trojan.rules)
  2835693 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-04-02) (current_events.rules)
  2835694 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit CnC) (trojan.rules)
  2835695 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2835696 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-02 (current_events.rules)
  2835697 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-02 (current_events.rules)
  2835698 - ETPRO CURRENT_EVENTS Successful Paypal  Phish 2019-04-02 (current_events.rules)
  2835699 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish 2019-04-02 (current_events.rules)
  2835700 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-04-02 (current_events.rules)
  2835701 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-02 (current_events.rules)
  2835702 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-04-02 (current_events.rules)
  2835703 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-04-02 (current_events.rules)
  2835704 - ETPRO CURRENT_EVENTS Successful Targo Bank DE Phish 2019-04-02 (current_events.rules)
  2835705 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-04-02 (current_events.rules)
  2835706 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-04-02 (current_events.rules)
  2835707 - ETPRO CURRENT_EVENTS Successful Personalized OneDrive Phish 2019-04-02 (current_events.rules)
  2835708 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish 2019-04-02 (current_events.rules)
  2835709 - ETPRO CURRENT_EVENTS Successful Personalized Shipping Phish 2019-03-11 (current_events.rules)
  2835710 - ETPRO CURRENT_EVENTS Successful Payoneer Phish 2019-04-02 (current_events.rules)
  2835711 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-02 (current_events.rules)
  2835712 - ETPRO CURRENT_EVENTS Successful Volksbank Phish 2019-04-02 (current_events.rules)
  2835713 - ETPRO TROJAN MSIL/Filecoder.AK/GhostDakri Uploading Keylog File (trojan.rules)
  2835714 - ETPRO TROJAN Remcos RAT Checkin 97 (trojan.rules)


 [///]     Modified active rules:     [///]

  2026738 - ET TROJAN [PTsecurity] Trickbot Data Exfiltration (trojan.rules)
  2027024 - ET TROJAN Win32/Kribat-A Downloader Activity (trojan.rules)


---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team