[Emerging-Sigs] [Etpro-sigs] Daily Ruleset Update Summary 2019/01/13

James Emery-Callcott jcallcott at emergingthreats.net
Tue Jan 14 07:37:02 HST 2020


The year is definitely still 2019.

But no, this was human error on my part, good spot.  Changed my template.

On Tue, Jan 14, 2020 at 5:03 PM Duane Howard <duaneh at google.com> wrote:

> Heads up that, if you're using a template to generate these summaries it
> still seems to think that the year is 2019.
>
> On Mon, Jan 13, 2020 at 5:50 PM James Emery-Callcott <
> jcallcott at emergingthreats.net> wrote:
>
>> [***]            Summary:            [***]
>>
>>   14 new Open, 40 new Pro (14 + 26).  PowerTrick, Parallax, Remcos,
>> Various Phish, Others.
>>
>>   Please share issues, feedback, and requests at
>> https://feedback.emergingthreats.net/feedback
>>
>> [+++]          Added rules:          [+++]
>>
>> Open:
>>
>>   2029256 - ET PHISHING Observed Malicious SSL Cert (Office365 Phish
>> Landing Page 2020-01-09) (phishing.rules)
>>   2029257 - ET INFO Observed Lets Encrypt Certificate for Suspicious TLD
>> (.top) (info.rules)
>>   2029258 - ET POLICY GG Url Shortener Observed in DNS Query
>> (policy.rules)
>>   2029259 - ET MALWARE PowerTrick Task Request (malware.rules)
>>   2029260 - ET MALWARE PowerTrick Task Checkin M1 (malware.rules)
>>   2029261 - ET MALWARE PowerTrick Task Checkin M2 (malware.rules)
>>   2029262 - ET MALWARE PowerTrick Task Answer (malware.rules)
>>   2029263 - ET MALWARE PowerTrick Known Key 1 (malware.rules)
>>   2029264 - ET MALWARE PowerTrick Known Key 2 (malware.rules)
>>   2029265 - ET MALWARE PowerTrick download ver1 bot (malware.rules)
>>   2029266 - ET MALWARE PowerTrick download ver2 bot (malware.rules)
>>   2029267 - ET MALWARE PowerTrick download bot known key (malware.rules)
>>   2029268 - ET WEB_CLIENT Observed DNS Query to Malicious Cookie Monster
>> Roulette JS Cookie Stealer Exfil Domain (web_client.rules)
>>   2029269 - ET MALWARE Satan Ransomware CnC Activity (malware.rules)
>>
>> Pro:
>>
>>   2840392 - ETPRO MALWARE Unk.Stealer Checkin via Telegram (malware.rules)
>>   2840393 - ETPRO MALWARE Observed Malicious SSL Cert (Get2 Downloader)
>> (malware.rules)
>>   2840394 - ETPRO PHISHING Successful Wells Fargo Phish 2020-01-13
>> (phishing.rules)
>>   2840395 - ETPRO PHISHING Successful OneDrive Phish 2020-01-13
>> (phishing.rules)
>>   2840396 - ETPRO PHISHING Successful Excel Online Phish 2020-01-13
>> (phishing.rules)
>>   2840397 - ETPRO PHISHING Successful Office 365 Phish 2020-01-13
>> (phishing.rules)
>>   2840398 - ETPRO PHISHING Successful Bank of America Phish 2020-01-13
>> (phishing.rules)
>>   2840399 - ETPRO PHISHING Successful DHL Phish 2020-01-13
>> (phishing.rules)
>>   2840400 - ETPRO PHISHING Successful Generic Email Deactivation Phish
>> 2020-01-13 (phishing.rules)
>>   2840401 - ETPRO PHISHING Successful Maersk Shipping Documents Phish
>> 2020-01-13 (phishing.rules)
>>   2840402 - ETPRO PHISHING Successful Scotiabank Phish 2020-01-13
>> (phishing.rules)
>>   2840403 - ETPRO PHISHING Successful Nubank Phish 2020-01-13
>> (phishing.rules)
>>   2840404 - ETPRO MALWARE Swordflare Botvote CnC Checkin (malware.rules)
>>   2840405 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
>> (2020-01-11 1) (coinminer.rules)
>>   2840406 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
>> (2020-01-11 2) (coinminer.rules)
>>   2840407 - ETPRO MALWARE Observed Malicious SSL Cert (PredatorTheThief
>> CnC) (malware.rules)
>>   2840408 - ETPRO POLICY Observed SSL Cert (Pastecode) (policy.rules)
>>   2840409 - ETPRO MALWARE Win32/CQueStealer CnC Checkin (malware.rules)
>>   2840410 - ETPRO MALWARE Observed Malicious SSL Cert (CQueStealer CnC)
>> (malware.rules)
>>   2840411 - ETPRO MALWARE Observed Malicious SSL Cert (ServHelper CnC)
>> (malware.rules)
>>   2840412 - ETPRO MALWARE Parallax CnC Activity M5 (set) (malware.rules)
>>   2840413 - ETPRO MALWARE Parallax CnC Response Activity M5
>> (malware.rules)
>>   2840414 - ETPRO MALWARE Win32/Remcos RAT Checkin 305 (malware.rules)
>>   2840415 - ETPRO MALWARE Win32/Remcos RAT Checkin 306 (malware.rules)
>>   2840416 - ETPRO MALWARE Win32/Remcos RAT Checkin 307 (malware.rules)
>>   2840417 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC)
>> 2020-01-13 (malware.rules)
>>
>> [///]     Modified active rules:     [///]
>>
>>   2029189 - ET MALWARE OilRig APT PowDesk Powershell Check (malware.rules)
>>   2840356 - ETPRO MALWARE Clown Ransomware Telegram Checkin
>> (malware.rules)
>>
>> ---------------------------------------
>>
>> James Emery-Callcott
>> Security Researcher | ProofPoint Inc | Emerging Threats Team
>>
>>
>

-- 
---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team