[Emerging-Sigs] Daily Ruleset Update Summary 2020/02/03

Brandon Murphy bmurphy at emergingthreats.net
Mon Feb 3 15:48:54 HST 2020


Thank you.  Garfield was right, "Mondays are the worst."

-Brandon



On Mon, Feb 3, 2020 at 6:57 PM Duane Howard <duane.security at gmail.com>
wrote:

> Fixing the date, because there is no 33rd this month =)
> [***]            Summary:            [***]
>
>  1 new Open, 44 new Pro (1 + 43). Ramon Bot, ELF/Mirai, Corepack,
> Win32/Remcos, Various Phish
>
>  Please share issues, feedback, and requests at
> https://feedback.emergingthreats.net/feedback
>
> [+++]          Added rules:          [+++]
>
> Open:
>
>  2029348 - ET MALWARE DonotGroup CnC Observed in DNS Query (malware.rules)
>
> Pro:
>
>  2840805 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
> (2020-02-01 1) (trojan.rules)
>  2840806 - ETPRO TROJAN Ramon Bot CnC Host Checkin (trojan.rules)
>  2840807 - ETPRO TROJAN Corepack CnC Activity (trojan.rules)
>  2840808 - ETPRO TROJAN F-AV CnC Host Checkin (trojan.rules)
>  2840809 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
> (trojan.rules)
>  2840810 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
>  2840811 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-02-03
> (current_events.rules)
>  2840812 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
> Phish 2020-02-03 (current_events.rules)
>  2840813 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-02-03
> (current_events.rules)
>  2840814 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
> 2020-02-03 (current_events.rules)
>  2840815 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-02-03
> (current_events.rules)
>  2840816 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
> Phish 2020-02-03 (current_events.rules)
>  2840817 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-03
> (current_events.rules)
>  2840818 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-03
> (current_events.rules)
>  2840819 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-03
> (current_events.rules)
>  2840820 - ETPRO CURRENT_EVENTS Successful Liberbank Phish 2020-02-03
> (current_events.rules)
>  2840821 - ETPRO CURRENT_EVENTS Successful Telia Webmail Phish 2020-02-03
> (current_events.rules)
>  2840822 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
> Phish 2020-02-03 (current_events.rules)
>  2840823 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-02-03
> (current_events.rules)
>  2840824 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-02-03
> (current_events.rules)
>  2840825 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
> 2020-02-03 (current_events.rules)
>  2840826 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
> 2020-02-03 (current_events.rules)
>  2840827 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
> 2020-02-03 (current_events.rules)
>  2840828 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2020-02-03
> (current_events.rules)
>  2840829 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
> 2020-02-03 (current_events.rules)
>  2840830 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2020-02-03
> (current_events.rules)
>  2840831 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-03
> (current_events.rules)
>  2840832 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-03
> (current_events.rules)
>  2840833 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-02-03
> (current_events.rules)
>  2840834 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-02-03
> (current_events.rules)
>  2840835 - ETPRO POLICY Inbound Batch Script - Enabling RDP via netsh M1
> (policy.rules)
>  2840836 - ETPRO POLICY Inbound Batch Script - Enabling RDP via netsh M2
> (policy.rules)
>  2840837 - ETPRO POLICY Inbound Batch Script - Enabling FTP via netsh M1
> (policy.rules)
>  2840838 - ETPRO POLICY Inbound Batch Script - Enabling FTP via netsh M2
> (policy.rules)
>  2840839 - ETPRO POLICY Inbound Batch Script - Enabling Telnet via netsh
> M1 (policy.rules)
>  2840840 - ETPRO POLICY Inbound Batch Script - Enabling FTP Telnet netsh
> M2 (policy.rules)
>  2840841 - ETPRO TROJAN Win32/Packed.FlyStudio.AA CnC Checkin M1
> (trojan.rules)
>  2840842 - ETPRO TROJAN Win32/Packed.FlyStudio.AA CnC Checkin M2
> (trojan.rules)
>  2840844 - ETPRO TROJAN Win32/Remcos RAT Checkin 327 (trojan.rules)
>  2840845 - ETPRO TROJAN Win32/Remcos RAT Checkin 328 (trojan.rules)
>  2840846 - ETPRO TROJAN Win32/Remcos RAT Checkin 329 (trojan.rules)
>  2840847 - ETPRO TROJAN Win32/Remcos RAT Checkin 330 (trojan.rules)
>  2840848 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI
> (trojan.rules)