[Emerging-Sigs] Daily Ruleset Update Summary 2020/01/24

Jason Williams jwilliams at emergingthreats.net
Fri Jan 24 14:13:49 HST 2020


[***]            Summary:            [***]

  2 new Open, 38 new Pro (2 + 36). Mermaid Ransomware, Fpox, Mirai
Variants, Various Phishing.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2029320 - ET TROJAN Mermaid Ransomware Variant CnC Activity M2 (trojan.rules)
  2029321 - ET TROJAN Mermaid Ransomware Variant CnC Activity M3 (trojan.rules)

 Pro:

  2840619 - ETPRO TROJAN Win32/Fpox Data Exfil (trojan.rules)
  2840620 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-01-24) (trojan.rules)
  2840621 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-01-24 2) (malware.rules)
  2840622 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Cookies) (trojan.rules)
  2840623 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Autocomplete) (trojan.rules)
  2840624 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Cookies) (trojan.rules)
  2840625 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Credit_Cards) (trojan.rules)
  2840626 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_History) (trojan.rules)
  2840628 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-24 1) (trojan.rules)
  2840629 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-24 2) (trojan.rules)
  2840630 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-24 (current_events.rules)
  2840631 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-24 (current_events.rules)
  2840632 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
  2840633 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
  2840634 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-24 (current_events.rules)
  2840635 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-01-24 (current_events.rules)
  2840636 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-01-24 (current_events.rules)
  2840637 - ETPRO CURRENT_EVENTS Successful Spark NZ Phish 2020-01-24 (current_events.rules)
  2840638 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
  2840639 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
  2840640 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
  2840641 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-01-24 (current_events.rules)
  2840642 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-24 (current_events.rules)
  2840643 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-24 (current_events.rules)
  2840644 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-24 (current_events.rules)
  2840645 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
  2840646 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
  2840647 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
  2840648 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
  2840649 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
  2840650 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
  2840651 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2840652 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840653 - ETPRO TROJAN Win32/TrojanDownloader.Chindo Variant CnC Activity (trojan.rules)
  2840654 - ETPRO TROJAN Win32/Remcos RAT Checkin 316 (trojan.rules)
  2840655 - ETPRO TROJAN Discord Token Grabber Exfil Attempt (trojan.rules)

 [///]     Modified active rules:     [///]

  2029234 - ET TROJAN Mermaid Ransomware Variant CnC Activity M1 (trojan.rules)
  2839927 - ETPRO TROJAN Banload Variant Checkin (trojan.rules)