[Emerging-Sigs] Daily Ruleset Update Summary 2020/01/16

James Emery-Callcott jcallcott at emergingthreats.net
Thu Jan 16 14:51:55 HST 2020


[***]            Summary:            [***]

  8 new Open, 24 new Pro (8 + 19).  MillionLoader, Group 21, Mirai, Various Phish.

  Thanks @malwrhunterteam.

  Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029282 - ET TROJAN Win32/MillionLoader CnC Init Activity (trojan.rules)
  2029283 - ET TROJAN Win32/MillionLoader CnC Activity (Outbound) (trojan.rules)
  2029284 - ET TROJAN Win32/MillionLoader CnC Activity (Inbound) (trojan.rules)
  2029285 - ET TROJAN CrownAdPro CnC Activity M2 (trojan.rules)
  2029286 - ET TROJAN CrownAdPro CnC Activity M3 (trojan.rules)
  2029287 - ET TROJAN CrownAdPro CnC Activity M4 (trojan.rules)
  2029288 - ET TROJAN CrownAdPro CnC Activity M5 (trojan.rules)
  2029289 - ET TROJAN Group 21 CnC Domain Observed in DNS Query (trojan.rules)

Pro:

  2840459 - ETPRO EXPLOIT Possible Spoofed TLS Certificate Inbound (CVE-2020-0601) (exploit.rules)
  2840460 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Terdot.A/Zloader CnC) (trojan.rules)
  2840461 - ETPRO TROJAN Observed DNS Query to Malicious Unrecom CnC Domain (trojan.rules)
  2840462 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-16 1) (trojan.rules)
  2840463 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-16 2) (trojan.rules)
  2840464 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-16 (current_events.rules)
  2840465 - ETPRO CURRENT_EVENTS Successful SunTrust Bank Phish 2020-01-16 (current_events.rules)
  2840466 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-16 (current_events.rules)
  2840467 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2840468 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840469 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-01-16 (current_events.rules)
  2840470 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish 2020-01-16 (current_events.rules)
  2840471 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-16 (current_events.rules)
  2840472 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2020-01-16 (current_events.rules)
  2840473 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish 2020-01-16 (current_events.rules)
  2840474 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-16 (current_events.rules)
  2840475 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2840476 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840477 - ETPRO MALWARE Group 21 Payload CnC Checkin (malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team