[Emerging-Sigs] Daily Ruleset Update Summary 2020/01/23

Jason Williams jwilliams at emergingthreats.net
Thu Jan 23 14:26:00 HST 2020


[***]            Summary:            [***]

  11 new Open, 44 new Pro (11 + 33). BrushaLoader, Muhstik, Lokorrito,
DiscordHaxx, Various Phishing.

  Thanks @benkow_

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2022246 - ET TROJAN PPI User-Agent (InstallCapital) (trojan.rules)
  2029310 - ET TROJAN Gamaredon CnC Observed in DNS Query (trojan.rules)
  2029311 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
  2029312 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
  2029313 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
  2029314 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
  2029315 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
  2029316 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
  2029317 - ET SCAN Tomato Router Default Credentials (admin:admin) (scan.rules)
  2029318 - ET SCAN Tomato Router Default Credentials (root:admin) (scan.rules)
  2029319 - ET TROJAN ELF/Muhstik - IRC CnC Checkin (trojan.rules)

 Pro:

  2840586 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 1) (trojan.rules)
  2840587 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 2) (trojan.rules)
  2840588 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 3) (trojan.rules)
  2840589 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 4) (trojan.rules)
  2840590 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 6) (trojan.rules)
  2840591 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 7) (trojan.rules)
  2840592 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 8) (trojan.rules)
  2840593 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-23 1) (trojan.rules)
  2840594 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-23 2) (trojan.rules)
  2840595 - ETPRO TROJAN Win32/Inject.NJJ Variant Host Checkin (trojan.rules)
  2840596 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2020-01-23 (current_events.rules)
  2840597 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-23 (current_events.rules)
  2840598 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2020-01-23 (current_events.rules)
  2840599 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-01-23 (current_events.rules)
  2840600 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-23 (current_events.rules)
  2840601 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-23 (current_events.rules)
  2840602 - ETPRO TROJAN Win32/F1L3F0lD Variant Host Checkin (trojan.rules)
  2840603 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-23 (current_events.rules)
  2840604 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-23 (current_events.rules)
  2840605 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-01-23 (current_events.rules)
  2840606 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-01-23 (current_events.rules)
  2840607 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-23 (current_events.rules)
  2840608 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2020-01-23 (current_events.rules)
  2840609 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-23 (current_events.rules)
  2840610 - ETPRO TROJAN Win32/Lokorrito CnC Successful Checkin (trojan.rules)
  2840611 - ETPRO TROJAN Win32/Lokorrito CnC PING - set (trojan.rules)
  2840612 - ETPRO TROJAN MSIL/MythBot Registering New Bot with CnC (trojan.rules)
  2840613 - ETPRO TROJAN MSIL/MythBot Updating IRC Status (trojan.rules)
  2840614 - ETPRO TROJAN MSIL/MythBot Requesting Tasks from CnC (trojan.rules)
  2840615 - ETPRO INFO Suspicious JScript Browser Downgrade M3 (info.rules)
  2840616 - ETPRO TROJAN DiscordHaxx Token Exfil Attempt via Webhook (trojan.rules)
  2840617 - ETPRO TROJAN Win32/Remcos RAT Checkin 315 (trojan.rules)
  2840618 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)

 [---]         Removed rules:         [---]

  2022246 - ET MALWARE PPI User-Agent (InstallCapital) (malware.rules)