[Emerging-Sigs] Daily Ruleset Update Summary 2020/01/29

Jack Mott jmott at emergingthreats.net
Wed Jan 29 14:32:38 HST 2020


[***]            Summary:            [***]

  15 new Open, 30 new Pro (15 + 15). Diezen/Sakabota DNS, Various Mimikatz via SMB/HTTP, Various Phish, Win32/Remcos.

Tks: Kevin Ross

  Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2029325 - ET TROJAN Observed Unk.PowerShell Loader CnC Domain in TLS SNI (trojan.rules)
  2029326 - ET TROJAN Diezen/Sakabota CnC Domain Observed in DNS Query (trojan.rules)
  2029327 - ET TROJAN Diezen/Sakabota CnC Domain Observed in DNS Query (trojan.rules)
  2029328 - ET TROJAN Hisoka CnC Domain Observed in DNS Query (trojan.rules)
  2029329 - ET WEB_CLIENT Possible Embedded NTLM Hash Theft Code (web_client.rules)
  2029330 - ET TROJAN Mimikatz x86 Executable Transfer Over SMB (trojan.rules)
  2029331 - ET TROJAN Mimikatz x64 Executable Transfer Over SMB (trojan.rules)
  2029332 - ET TROJAN Mimikatz x86 Mimidrv.sys File Transfer Over SMB (trojan.rules)
  2029333 - ET TROJAN Mimikatz x64 Mimidrv.sys File Transfer Over SMB (trojan.rules)
  2029334 - ET TROJAN Mimikatz x86 Executable Download Over HTTP (trojan.rules)
  2029335 - ET TROJAN Mimikatz x64 Executable Download Over HTTP (trojan.rules)
  2029336 - ET TROJAN Mimikatz x86 Mimidrv.sys Download Over HTTP (trojan.rules)
  2029337 - ET TROJAN Mimikatz x64 Mimidrv.sys Download Over HTTP (trojan.rules)
  2029338 - ET CURRENT_EVENTS Successful Generic Phish 2020-01-29 (set) (current_events.rules)
  2029339 - ET INFO Powershell Downloader with Start-Process Inbound M1 (info.rules)

 Pro:

  2840727 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-29 1) (trojan.rules)
  2840728 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-29 2) (trojan.rules)
  2840729 - ETPRO CURRENT_EVENTS Successful Bancolombia Phish 2020-01-29 (current_events.rules)
  2840730 - ETPRO CURRENT_EVENTS Successful Mi Oficina Phish 2020-01-29 (current_events.rules)
  2840731 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-29 (current_events.rules)
  2840732 - ETPRO CURRENT_EVENTS Successful Godaddy Webmail Phish 2020-01-29 (current_events.rules)
  2840733 - ETPRO CURRENT_EVENTS Successful Generic View Attachment Phish 2020-01-29 (current_events.rules)
  2840734 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-29 (current_events.rules)
  2840735 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-29 (current_events.rules)
  2840736 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-29 (current_events.rules)
  2840737 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Web App Phish 2020-01-29 (current_events.rules)
  2840738 - ETPRO TROJAN Win32/Remcos RAT Checkin 322 (trojan.rules)
  2840739 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
  2840740 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)

 [///]     Modified active rules:     [///]

  2820695 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M2 (current_events.rules)
  2823399 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M4 (current_events.rules)
  2838753 - ETPRO TROJAN Win32/Koadic CnC Checkin (trojan.rules)
  2840392 - ETPRO TROJAN ProstoClipper Checkin via Telegram (trojan.rules)