[Emerging-Sigs] Daily Ruleset Update Summary 2020/02/07

Brandon Murphy bmurphy at emergingthreats.net
Fri Feb 7 14:52:28 HST 2020


[***]            Summary:            [***]

 2 new Open, 33 new Pro (2 + 31). Emotet Wifi Bruter, HeyRAT, GravityRAT,
GoBot, InstallCapital Adware, VARIOUS PHISH

 Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback


[+++]          Added rules:          [+++]

Open:
  2029398 - ET TROJAN Emotet Wifi Bruter Module Checkin (trojan.rules)
  2029399 - ET TROJAN Possible Satan Cryptor GeoIP Lookup (trojan.rules)

Pro:

  2840909 - ETPRO TROJAN Koadic Command Execution via CnC (trojan.rules)
  2840910 - ETPRO MALWARE InstallCapital Request for Payload (malware.rules)
  2840911 - ETPRO TROJAN Unk.Stealer CnC Checkin (trojan.rules)
  2840912 - ETPRO TROJAN GravityRAT Checkin (trojan.rules)
  2840913 - ETPRO TROJAN HeyRAT Checkin (trojan.rules)
  2840914 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-07 1) (trojan.rules)
  2840915 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-07 2) (trojan.rules)
  2840916 - ETPRO CURRENT_EVENTS Successful Visa/Mastercard OTP Phish
2020-02-07 (current_events.rules)
  2840917 - ETPRO CURRENT_EVENTS Successful Visa/Mastercard OTP Phish
2020-02-07 (current_events.rules)
  2840918 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-02-07 (current_events.rules)
  2840919 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-07
(current_events.rules)
  2840920 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-07
(current_events.rules)
  2840921 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-07
(current_events.rules)
  2840922 - ETPRO CURRENT_EVENTS Successful Receive Secure Cloud Files
Phish 2020-02-07 (current_events.rules)
  2840923 - ETPRO CURRENT_EVENTS Successful Ziraat Bankasi Phish 2020-02-07
(current_events.rules)
  2840924 - ETPRO CURRENT_EVENTS Successful Generic Hosted Googleapi Phish
2020-02-07 (current_events.rules)
  2840925 - ETPRO CURRENT_EVENTS Successful Facebook IN Phish 2020-02-07
(current_events.rules)
  2840926 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-07 (current_events.rules)
  2840927 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2020-02-07 (current_events.rules)
  2840928 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-02-07
(current_events.rules)
  2840929 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish
2020-02-07 (current_events.rules)
  2840930 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish
2020-02-07 (current_events.rules)
  2840931 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-02-07 (current_events.rules)
  2840932 - ETPRO CURRENT_EVENTS Successful Generic Account Verification
Phish 2020-02-07 (current_events.rules)
  2840933 - ETPRO INFO GQUIC Protocol Observed to Non-Google Service
(info.rules)
  2840934 - ETPRO TROJAN GoBot CnC Checkin (trojan.rules)
  2840935 - ETPRO TROJAN GoBot CnC Activity (trojan.rules)
  2840936 - ETPRO TROJAN Satan Cryptor - Telegram Checkin (trojan.rules)
  2840937 - ETPRO TROJAN BackDoor.Pigeon1.12826 CnC Activity M1 (set)
(trojan.rules)
  2840938 - ETPRO TROJAN BackDoor.Pigeon1.12826 CnC Activity M1
(trojan.rules)
  2840939 - ETPRO TROJAN BackDoor.Pigeon1.12826 M2 (trojan.rules)


[///]     Modified active rules:     [///]

  2013439 - ET TROJAN Dirt Jumper/Russkill3 Checkin (trojan.rules)
  2018463 - ET TROJAN possible OneLouder header structure (trojan.rules)
  2018977 - ET DOS HOIC with booster outbound (dos.rules)
  2018978 - ET DOS HOIC with booster inbound (dos.rules)
  2019166 - ET TROJAN Stobox Connectivity Check (trojan.rules)
  2019608 - ET TROJAN HB_Banker16 Get (trojan.rules)
  2020076 - ET TROJAN Andromeda Checkin Dec 29 2014 (trojan.rules)
  2802952 - ETPRO TROJAN Herpbot.B Checkin (trojan.rules)
  2804882 - ETPRO TROJAN Win32/Waledac.R Retrieving exe file (trojan.rules)
  2805969 - ETPRO TROJAN Backdoor.Win32.Oblivion reporting via ICQ WWW
script (trojan.rules)
  2806739 - ETPRO TROJAN Win32/Fabucks.A Checkin (trojan.rules)
  2806921 - ETPRO TROJAN Win32/Carberp.G Checkin (trojan.rules)
  2808386 - ETPRO TROJAN Trojan.Win32.Generic.AtsI Checkin (trojan.rules)
  2808493 - ETPRO TROJAN Win32/Beastdoor.L sending infected IP address via
ICQ (trojan.rules)
  2808575 - ETPRO TROJAN Trojan.Graybird IP Check (trojan.rules)
  2808804 - ETPRO TROJAN Win32/Cendelf.gen!A www.163.com connectivity check
(trojan.rules)
  2808808 - ETPRO TROJAN Win32/ChkBot.A Checkin (trojan.rules)
  2808817 - ETPRO TROJAN Win32.Chifrax Variant C2 (trojan.rules)
  2809016 - ETPRO TROJAN Win32.Cosmu (trojan.rules)
  2809041 - ETPRO TROJAN Win32/CoinMiner.SO .exe download (trojan.rules)
  2809091 - ETPRO TROJAN Win32/RpcBrute.A CnC (trojan.rules)
  2809204 - ETPRO TROJAN Win32.Trojan.Win32.TravNet HTTP Checkin
(trojan.rules)
  2809405 - ETPRO TROJAN Win32.Spy.Banker.UAE Checkin (trojan.rules)


[---]  Disabled and modified rules:  [---]

  2011312 - ET POLICY hide-my-ip.com POST version check (policy.rules)
  2018353 - ET CURRENT_EVENTS Win32.RBrute Scan (Outgoing)
(current_events.rules)
  2018354 - ET CURRENT_EVENTS Win32.RBrute Scan (incoming)
(current_events.rules)
  2018362 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
  2019765 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
  2808459 - ETPRO EXPLOIT Omeka 2.2 CSRF Add Persistent XSS (exploit.rules)
  2808460 - ETPRO EXPLOIT Omeka 2.2 CSRF Disable Fie Validation
(exploit.rules)
  2809077 - ETPRO TROJAN JST Perl IrcBot v3.0 HTTP GET Request
(trojan.rules)


[---]         Disabled rules:        [---]

  2013511 - ET TROJAN Win32/CazinoSilver Checkin (trojan.rules)
  2017412 - ET TROJAN Gh0st_Apple Checkin (trojan.rules)
  2807975 - ETPRO TROJAN Trojan.DownLoader9.54232 Checkin (trojan.rules)
  2808772 - ETPRO TROJAN Win32.Yakes.fudl Checkin (trojan.rules)
  2808807 - ETPRO TROJAN Win32/PSWTool.WebBrowserPassView.B checkin
(trojan.rules)
  2809006 - ETPRO TROJAN BackDoor.Tishop.2 Checkin (trojan.rules)
  2809074 - ETPRO TROJAN WIN32.AGENT.AGLKL Checkin (trojan.rules)
  2809249 - ETPRO TROJAN Backdoor.MSIL.Soaphrish.A checkin (trojan.rules)
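Editor's added example (not code from the poster, Emerging Threats, or suricata-update): a small parser for the summary format above that turns each section into a list of SIDs, copes with rule titles that the list archive wraps onto a second line, and then cross-checks the "Disabled" sections against a local suricata-update enable.conf. Rules ET disables are shipped commented out, but any SID you force on in enable.conf keeps firing after the update, so the diff is worth a look. The summary excerpt and the enable.conf contents below are constructed sample input trimmed from this mail; the file names and function names are this example's own.

```python
"""Parse an Emerging Threats daily ruleset summary mail into per-section SID
lists and flag disabled SIDs that a local suricata-update enable.conf still
forces on.  Added example; not part of the ET ruleset or its tooling."""
import re

# Constructed sample: a trimmed copy of the mail format above, keeping a rule
# title that wraps onto a second line the way the list archive renders them.
SAMPLE_SUMMARY = """\
[+++]          Added rules:          [+++]

Open:
  2029398 - ET TROJAN Emotet Wifi Bruter Module Checkin (trojan.rules)

Pro:

  2840914 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-07 1) (trojan.rules)


[///]     Modified active rules:     [///]

  2013439 - ET TROJAN Dirt Jumper/Russkill3 Checkin (trojan.rules)


[---]  Disabled and modified rules:  [---]

  2011312 - ET POLICY hide-my-ip.com POST version check (policy.rules)


[---]         Disabled rules:        [---]

  2013511 - ET TROJAN Win32/CazinoSilver Checkin (trojan.rules)
  2017412 - ET TROJAN Gh0st_Apple Checkin (trojan.rules)
"""

# Hypothetical local enable.conf: one SID (or "1:SID") per line, '#' comments.
SAMPLE_ENABLE_CONF = """\
# force-enable rules ET ships disabled
2017412
1:2011312
"""

HEADER_RE = re.compile(r"^\[([+/\-]{3})\]\s+(.+?):?\s+\[\1\]$")
RULE_RE = re.compile(r"^\s*(\d{7}) - (.*)$")
FILE_RE = re.compile(r"^(.*) \((\S+\.rules)\)$")


def parse_summary(text):
    """Return {section title: [(sid, title, rules file), ...]}."""
    sections, current, last = {}, None, None
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(2)
            sections[current], last = [], None
            continue
        if current is None or not line or line in ("Open:", "Pro:"):
            continue
        m = RULE_RE.match(line)
        if m:
            last = [int(m.group(1)), m.group(2)]
            sections[current].append(last)
        elif last is not None:
            last[1] += " " + line.strip()   # wrapped continuation of the title
    out = {}
    for name, entries in sections.items():
        out[name] = []
        for sid, title in entries:
            m = FILE_RE.match(title)
            out[name].append((sid, m.group(1), m.group(2)) if m else (sid, title, None))
    return out


def parse_enable_conf(text):
    """SIDs from a suricata-update enable.conf (plain SID or gid:sid lines)."""
    sids = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"(?:1:)?(\d+)", line)
        if m:
            sids.add(int(m.group(1)))
    return sids


def local_overrides_of_disabled(summary_text, enable_conf_text):
    """SIDs ET just disabled (either disabled section) that enable.conf still
    forces on; these keep firing after the update and deserve a review."""
    sections = parse_summary(summary_text)
    disabled = {sid for name, entries in sections.items()
                if name.startswith("Disabled") for sid, _, _ in entries}
    return sorted(disabled & parse_enable_conf(enable_conf_text))


if __name__ == "__main__":
    for name, entries in parse_summary(SAMPLE_SUMMARY).items():
        print(f"{name}: {[sid for sid, _, _ in entries]}")
    print("still force-enabled locally:",
          local_overrides_of_disabled(SAMPLE_SUMMARY, SAMPLE_ENABLE_CONF))
```

Both "Disabled" sections are treated the same way on purpose: a rule listed under "Disabled and modified rules" was edited and then disabled, so a local force-enable now turns on a signature whose content you have not reviewed. Feed the real mail body and your own enable.conf to the two functions and act on whatever the override check returns.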