[Emerging-Sigs] Daily Ruleset Update Summary 2020/02/33

Brandon Murphy bmurphy at emergingthreats.net
Mon Feb 3 14:26:46 HST 2020


[***]            Summary:            [***]

 1 new Open, 44 new Pro (1 + 43). Ramon Bot, ELF/Mirai, Corepack,
Win32/Remcos, Various Phish

 Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

 2029348 - ET MALWARE DonotGroup CnC Observed in DNS Query (malware.rules)

Pro:

 2840805 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-01 1) (trojan.rules)
 2840806 - ETPRO TROJAN Ramon Bot CnC Host Checkin (trojan.rules)
 2840807 - ETPRO TROJAN Corepack CnC Activity (trojan.rules)
 2840808 - ETPRO TROJAN F-AV CnC Host Checkin (trojan.rules)
 2840809 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
 2840810 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
 2840811 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-02-03 (current_events.rules)
 2840812 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-03 (current_events.rules)
 2840813 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-02-03 (current_events.rules)
 2840814 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-02-03 (current_events.rules)
 2840815 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-02-03 (current_events.rules)
 2840816 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-03 (current_events.rules)
 2840817 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-03 (current_events.rules)
 2840818 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-03 (current_events.rules)
 2840819 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-03 (current_events.rules)
 2840820 - ETPRO CURRENT_EVENTS Successful Liberbank Phish 2020-02-03 (current_events.rules)
 2840821 - ETPRO CURRENT_EVENTS Successful Telia Webmail Phish 2020-02-03 (current_events.rules)
 2840822 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-03 (current_events.rules)
 2840823 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-02-03 (current_events.rules)
 2840824 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-02-03 (current_events.rules)
 2840825 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-02-03 (current_events.rules)
 2840826 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-03 (current_events.rules)
 2840827 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-03 (current_events.rules)
 2840828 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2020-02-03 (current_events.rules)
 2840829 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-03 (current_events.rules)
 2840830 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2020-02-03 (current_events.rules)
 2840831 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-03 (current_events.rules)
 2840832 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-03 (current_events.rules)
 2840833 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-02-03 (current_events.rules)
 2840834 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-02-03 (current_events.rules)
 2840835 - ETPRO POLICY Inbound Batch Script - Enabling RDP via netsh M1 (policy.rules)
 2840836 - ETPRO POLICY Inbound Batch Script - Enabling RDP via netsh M2 (policy.rules)
 2840837 - ETPRO POLICY Inbound Batch Script - Enabling FTP via netsh M1 (policy.rules)
 2840838 - ETPRO POLICY Inbound Batch Script - Enabling FTP via netsh M2 (policy.rules)
 2840839 - ETPRO POLICY Inbound Batch Script - Enabling Telnet via netsh M1 (policy.rules)
 2840840 - ETPRO POLICY Inbound Batch Script - Enabling FTP Telnet netsh M2 (policy.rules)
 2840841 - ETPRO TROJAN Win32/Packed.FlyStudio.AA CnC Checkin M1 (trojan.rules)
 2840842 - ETPRO TROJAN Win32/Packed.FlyStudio.AA CnC Checkin M2 (trojan.rules)
 2840844 - ETPRO TROJAN Win32/Remcos RAT Checkin 327 (trojan.rules)
 2840845 - ETPRO TROJAN Win32/Remcos RAT Checkin 328 (trojan.rules)
 2840846 - ETPRO TROJAN Win32/Remcos RAT Checkin 329 (trojan.rules)
 2840847 - ETPRO TROJAN Win32/Remcos RAT Checkin 330 (trojan.rules)
 2840848 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI (trojan.rules)