[Emerging-Sigs] Daily Ruleset Update Summary 2020/01/09

Brandon Murphy bmurphy at emergingthreats.net
Thu Jan 9 13:24:30 HST 2020


[***]            Summary:            [***]

  5 new Open, 30 new Pro (5 + 25).  W32/Kuping, ELF/Gafgyt,
APT/TransparentTribe, and Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback


[+++]          Added rules:          [+++]

Open:

  2029241 - ET TROJAN APT/TransparentTribe Style Request (trojan.rules)
  2029242 - ET TROJAN APT/TransparentTribe CnC Checkin (trojan.rules)
  2029243 - ET POLICY External IP Lookup (whois .pconline .com .cn) (policy.rules)
  2029244 - ET TROJAN Win32/PSW.QQPass.OZV Variant Checkin (trojan.rules)
  2029245 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)

Pro:

  2840333 - ETPRO TROJAN ELF/Gafgyt Variant CnC Activity (trojan.rules)
  2840334 - ETPRO TROJAN ELF/Gafgyt Variant CnC Server Response (trojan.rules)
  2840335 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-09 1) (trojan.rules)
  2840336 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish 2020-01-09 (current_events.rules)
  2840337 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish 2020-01-09 (current_events.rules)
  2840338 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2020-01-09 (current_events.rules)
  2840339 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2020-01-09 (current_events.rules)
  2840340 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-09 (current_events.rules)
  2840341 - ETPRO CURRENT_EVENTS Successful Square Phish 2020-01-09 (current_events.rules)
  2840342 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-09 (current_events.rules)
  2840343 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-01-09 (current_events.rules)
  2840344 - ETPRO CURRENT_EVENTS Successful Latam Airlines Phish 2020-01-09 (current_events.rules)
  2840345 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2020-01-09 (current_events.rules)
  2840346 - ETPRO CURRENT_EVENTS Successful BCP Phish 2020-01-09 (current_events.rules)
  2840347 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-09 (current_events.rules)
  2840348 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-01-09 (current_events.rules)
  2840349 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-01-09 (current_events.rules)
  2840350 - ETPRO MALWARE W32/Kuping Installation (malware.rules)
  2840351 - ETPRO MALWARE W32/Kuping Commands (malware.rules)
  2840352 - ETPRO TROJAN Win32/Buptenda.A Variant CnC Checkin (trojan.rules)
  2840353 - ETPRO TROJAN Win32/Agent.AAON Variant CnC Activity (trojan.rules)
  2840354 - ETPRO TROJAN MSIL/Injector.TWX Variant CnC Activity (trojan.rules)
  2840355 - ETPRO MALWARE Win32/Adposhel.gen CnC Activity (malware.rules)
  2840356 - ETPRO TROJAN Clown Ranswomare Telegram Checkin (trojan.rules)
  2840357 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)


[///]     Modified active rules:     [///]

  2029234 - ET TROJAN Mermaid Ransomware Variant CnC Activity M1 (trojan.rules)
  2840163 - ETPRO TROJAN Win32/PredatorTheThief CnC Activity (trojan.rules)


[---]         Disabled rules:        [---]

  2029240 - ET TROJAN Win32/Filecoder.NZK Variant (trojan.rules)