[Emerging-Sigs] Daily Ruleset Update Summary 2020/01/03

Brandon Murphy bmurphy at emergingthreats.net
Fri Jan 3 13:13:05 HST 2020


[***]            Summary:            [***]

  1 new Open, 30 new Pro (1 + 29). Legion Loader, Nanobot.px, Cobalt
Strike, and Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029223 - ET TROJAN Legion Loader Activity Observed (carlos_castaneda) (trojan.rules)

Pro:

  2840230 - ETPRO MOBILE_MALWARE Android FinSpy Checkin (mobile_malware.rules)
  2840231 - ETPRO MOBILE_MALWARE Android FinSpy Checkin M2 (mobile_malware.rules)
  2840232 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Egat.d App List Exfil (mobile_malware.rules)
  2840233 - ETPRO POLICY External Geo IP Lookup - ipcode .pw (policy.rules)
  2840234 - ETPRO TROJAN ArtraLoader CnC Activity (trojan.rules)
  2840235 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 1) (trojan.rules)
  2840236 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 2) (trojan.rules)
  2840237 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 3) (trojan.rules)
  2840238 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 4) (trojan.rules)
  2840239 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 5) (trojan.rules)
  2840240 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 6) (trojan.rules)
  2840241 - ETPRO TROJAN Possible Cobalt Strike CnC via DNS TXT (trojan.rules)
  2840242 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03 (current_events.rules)
  2840243 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03 (current_events.rules)
  2840244 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03 (current_events.rules)
  2840245 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2020-01-03 (current_events.rules)
  2840246 - ETPRO CURRENT_EVENTS Successful Vakifbank Phish 2020-01-03 (current_events.rules)
  2840247 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-03 (current_events.rules)
  2840248 - ETPRO CURRENT_EVENTS Successful Generic Multibank Phish 2020-01-03 (current_events.rules)
  2840249 - ETPRO CURRENT_EVENTS Successful Associated Bank Phish 2020-01-03 (current_events.rules)
  2840250 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-03 (current_events.rules)
  2840251 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-03 (current_events.rules)
  2840252 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-03 (current_events.rules)
  2840253 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-03 (current_events.rules)
  2840254 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-01-03 (current_events.rules)
  2840255 - ETPRO TROJAN Nanobot.px CnC Log Reporting (trojan.rules)
  2840256 - ETPRO TROJAN MSIL/GenKryptik.DZXQ CnC Activity (trojan.rules)
  2840257 - ETPRO TROJAN Win32/TrojanDownloader.Zurgop.AB Variant CnC Activity (trojan.rules)
  2840258 - ETPRO TROJAN Win32/Alyak.F CnC Activity (trojan.rules)