[Emerging-Sigs] Daily Ruleset Update Summary 2020/01/17

James Emery-Callcott jcallcott at emergingthreats.net
Fri Jan 17 15:02:29 HST 2020


[***]            Summary:            [***]

  7 new Open, 38 new Pro (7 + 31).  Get2, Remcos, Various SSL/TLS, Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029290 - ET TROJAN Nemty Ransomware CnC Checkin (trojan.rules)
  2029291 - ET TROJAN Observed Nemty Ransomware Payment Page (trojan.rules)
  2029292 - ET TROJAN Nemty Ransomware Payment Page ID File Upload (trojan.rules)
  2029293 - ET TROJAN MilkyBoy CnC Activity (trojan.rules)
  2029294 - ET TROJAN MilkyBoy CnC Data Exfil (trojan.rules)
  2029295 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
  2029296 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)

Pro:

  2840478 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2840479 - ETPRO TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
  2840480 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2840481 - ETPRO TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
  2840482 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2840483 - ETPRO TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
  2840484 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2840485 - ETPRO TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
  2840486 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2840487 - ETPRO TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
  2840488 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
  2840492 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-17 1) (trojan.rules)
  2840493 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-17 (current_events.rules)
  2840494 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17 (current_events.rules)
  2840495 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17 (current_events.rules)
  2840496 - ETPRO CURRENT_EVENTS Successful Credit Mutuel FR Phish 2020-01-17 (current_events.rules)
  2840497 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2020-01-17 (current_events.rules)
  2840498 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17 (current_events.rules)
  2840499 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17 (current_events.rules)
  2840500 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-17 (current_events.rules)
  2840501 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-17 (current_events.rules)
  2840502 - ETPRO TROJAN Win32/Remcos RAT Checkin 309 (trojan.rules)
  2840503 - ETPRO TROJAN Win32/Remcos RAT Checkin 310 (trojan.rules)
  2840504 - ETPRO TROJAN Win32/Remcos RAT Checkin 311 (trojan.rules)
  2840505 - ETPRO TROJAN Win32/Staser CnC Activity (trojan.rules)
  2840506 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2840507 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
  2840508 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team