[Emerging-Sigs] Daily Ruleset Update Summary 2020/01/30

Jack Mott jmott at emergingthreats.net
Thu Jan 30 14:54:10 HST 2020


[***]            Summary:            [***]

  1 new Open, 47 new Pro (1 + 46). Trojan.Win32.FlyStudio.u, Evil Keitaro
Set-Cookie, More_eggs CnC, Various Phish, Win32/Remcos, Razcrypter.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

Open:

  2029340 - ET INFO TLS Handshake Failure (info.rules)

Pro:

  2804556 - ETPRO MALWARE Trojan.Win32.FlyStudio.u Checkin (malware.rules)
  2807360 - ETPRO MALWARE FlyStudio.F Checkin (malware.rules)
  2807972 - ETPRO MALWARE Win32/FlyStudio Activity (malware.rules)
  2816626 - ETPRO MALWARE Win32/FlyStudio Activity 2 (malware.rules)
  2832018 - ETPRO MALWARE Win32/FlyStudio/Agent.EW Variant CnC Checkin (malware.rules)
  2840741 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (0df9c) (web_client.rules)
  2840742 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Dl 2020-01-30) (trojan.rules)
  2840743 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2840744 - ETPRO TROJAN Observed More_eggs CnC Domain in TLS SNI (trojan.rules)
  2840745 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-30 1) (trojan.rules)
  2840746 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-30 2) (trojan.rules)
  2840747 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (7d75f) (web_client.rules)
  2840749 - ETPRO POLICY SSL/TLS Certificate Observed for Paste Site (Rentry .co) (policy.rules)
  2840750 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-01-30 (current_events.rules)
  2840751 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-30 (current_events.rules)
  2840752 - ETPRO CURRENT_EVENTS Successful PNC Phish 2020-01-30 (current_events.rules)
  2840753 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2020-01-30 (current_events.rules)
  2840754 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M7 (current_events.rules)
  2840755 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-30 (current_events.rules)
  2840756 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2020-01-30 (current_events.rules)
  2840757 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-30 (current_events.rules)
  2840758 - ETPRO CURRENT_EVENTS Successful Generic Workspace Phish 2020-01-30 (current_events.rules)
  2840759 - ETPRO CURRENT_EVENTS Successful America First Credit Union Phish 2020-01-30 (current_events.rules)
  2840760 - ETPRO CURRENT_EVENTS Successful America First Credit Union Phish 2020-01-30 (current_events.rules)
  2840761 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-30 (current_events.rules)
  2840762 - ETPRO CURRENT_EVENTS Successful Nexi Phish 2020-01-30 (current_events.rules)
  2840763 - ETPRO CURRENT_EVENTS Successful Nexi Phish 2020-01-30 (current_events.rules)
  2840764 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840765 - ETPRO MALWARE Win32/FlyStudio Variant CnC (malware.rules)
  2840766 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840767 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840768 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840769 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840770 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840771 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840772 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840773 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840774 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840775 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-30 (current_events.rules)
  2840776 - ETPRO TROJAN Razcrypter Activity (trojan.rules)
  2840779 - ETPRO TROJAN Win32/Remcos RAT Checkin 323 (trojan.rules)
  2840780 - ETPRO TROJAN Win32/Remcos RAT Checkin 324 (trojan.rules)
  2840781 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
  2840782 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)

 [///]     Modified active rules:     [///]

  2018197 - ET MALWARE Win32.AdWare.iBryte.C Install (malware.rules)
  2808137 - ETPRO MALWARE Spyware PirritSuggestor.A (malware.rules)