[Emerging-Sigs] Daily Ruleset Update Summary 2020/06/03

James Emery-Callcott jcallcott at emergingthreats.net
Wed Jun 3 14:45:57 HDT 2020


[***]            Summary:            [***]

        6 new OPEN, 26 new PRO (6 + 20).  ELF/Kinsing, Ursnif, Remcos, Others.

        Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

        2030243 - ET TROJAN Android/xDrop Ransomware CnC Checkin (trojan.rules)
        2030244 - ET TROJAN ELF/Kinsing Payload Request M1 (trojan.rules)
        2030245 - ET TROJAN ELF/Kinsing Payload Request M2 (trojan.rules)
        2030246 - ET WEB_SERVER Generic Email Spoofing Tool Accessed on Internal Compromised Server (web_server.rules)
        2030247 - ET WEB_CLIENT Generic Email Spoofing Tool Accessed on External Compromised Server (web_client.rules)
        2030248 - ET POLICY Observed Potential Spyware Domain (app .hubstaff .com) in TLS SNI (policy.rules)

Pro:

        2842842 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-03 1) (trojan.rules)
        2842843 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-03 2) (trojan.rules)
        2842844 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-06-03 (current_events.rules)
        2842845 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-06-03 (current_events.rules)
        2842846 - ETPRO TROJAN Win32/AnaFTP CnC Host Checkin (trojan.rules)
        2842847 - ETPRO TROJAN MSIL/Spy.Agent.CPT Variant CnC Host Checkin (trojan.rules)
        2842848 - ETPRO CURRENT_EVENTS Successful Generic Phish to .ml Domain 2020-06-03 (current_events.rules)
        2842849 - ETPRO CURRENT_EVENTS Successful Generic Byethost Phish 2020-06-03 (current_events.rules)
        2842850 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-06-03 (current_events.rules)
        2842851 - ETPRO MALWARE Win32/Gpcode.NAI Ransomware Variant CnC Activity (malware.rules)
        2842852 - ETPRO TROJAN Unk/VBS Downloader Activity (trojan.rules)
        2842853 - ETPRO CURRENT_EVENTS Successful Comcast Phish 2020-06-03 (current_events.rules)
        2842854 - ETPRO TROJAN Observed MSIL/Perseus Variant CnC Domain in TLS SNI (trojan.rules)
        2842855 - ETPRO TROJAN Observed MSIL/Perseus Variant CnC Domain in TLS SNI (trojan.rules)
        2842856 - ETPRO TROJAN MSIL/Perseus Variant CnC Activity (trojan.rules)
        2842857 - ETPRO TROJAN Win32/Remcos RAT Checkin 450 (trojan.rules)
        2842858 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
        2842859 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
        2842860 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
        2842861 - ETPRO TROJAN Agent Tesla Data Exfil via SMTP (trojan.rules)

[///]     Modified active rules:     [///]

        2009475 - ET POLICY TeamViewer Dyngate User-Agent (policy.rules)
        2021944 - ET CURRENT_EVENTS Netgear Multiple Router Auth Bypass (current_events.rules)
        2812183 - ETPRO INFO ZIP file embedded in JPG (info.rules)
        2812860 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Viser.a Checkin (mobile_malware.rules)
        2814297 - ETPRO TROJAN Backdoor.Busadom Exfiltrated Data b64 M2 (trojan.rules)
        2814298 - ETPRO TROJAN Backdoor.Busadom Exfiltrated Data b64 M3 (trojan.rules)
        2814301 - ETPRO MOBILE_MALWARE Android.Trojan.Fjcon.K Checkin (mobile_malware.rules)
        2814312 - ETPRO TROJAN Win32/Bancos.AMM CnC Beacon 2 (trojan.rules)
        2814316 - ETPRO TROJAN W32/Ramnnit.A Checkin 2 (trojan.rules)
        2814317 - ETPRO TROJAN W32/Zemot.A Checkin (trojan.rules)
        2814338 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.BT Checkin (mobile_malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team