[Emerging-Sigs] Daily Ruleset Update Summary 2020/06/05

James Emery-Callcott jcallcott at emergingthreats.net
Fri Jun 5 14:47:27 HDT 2020


[***]            Summary:            [***]

        6 new OPEN, 26 new PRO (6 + 20).  Blaze/Supreme Bot, CVE-2020-9484,
Ursnif, Various Phish, Others.

        Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

        2030251 - ET TROJAN Observed DNS Query to known Avaddon Ransomware
Payment Domain (trojan.rules)
        2030252 - ET TROJAN Observed Malicious SSL Cert (Unk.Loader CnC)
(trojan.rules)
        2030253 - ET TROJAN Win32/Avaddon Ransomware Style External IP
Address Check (trojan.rules)
        2030254 - ET TROJAN Blaze/Supreme Bot Activity (trojan.rules)
        2030255 - ET TROJAN Blaze/Supreme Bot Activity M2 (trojan.rules)
        2030256 - ET EXPLOIT Attempted Directory Traversal via HTTP Cookie
(CVE-2020-9484) (exploit.rules)

Pro:

        2842885 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-05 1) (trojan.rules)
        2842886 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-05 2) (trojan.rules)
        2842887 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2020-06-05 (current_events.rules)
        2842888 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-05
(current_events.rules)
        2842889 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-06-05 (current_events.rules)
        2842890 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-06-05 (current_events.rules)
        2842891 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-06-05 (current_events.rules)
        2842892 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-06-05 (current_events.rules)
        2842893 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-06-05
(current_events.rules)
        2842894 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish
2020-06-05 (current_events.rules)
        2842899 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi  CnC)
(trojan.rules)
        2842900 - ETPRO WEB_SERVER Generic Webshell CnC Activity
(web_server.rules)
        2842902 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-05
(current_events.rules)
        2842903 - ETPRO CURRENT_EVENTS Successful Lloyd's Bank Phish
2020-06-05 (current_events.rules)
        2842904 - ETPRO GAMES League of Angels Heaven's Fury Browser Plugin
Checkin  (games.rules)
        2842905 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

        2022016 - ET TROJAN Vawtrak/NeverQuest Posting Data 2 (trojan.rules)
        2022017 - ET CURRENT_EVENTS Successful Paypal Account Phish Oct 30
(current_events.rules)
        2022018 - ET CURRENT_EVENTS Successful Paypal Account Phish
2015-10-30 2 (current_events.rules)
        2022019 - ET CURRENT_EVENTS Successful Paypal Account Phish
2015-10-30 3 (current_events.rules)
        2804709 - ETPRO TROJAN Backdoor.IRC.ZGQ Install (trojan.rules)
        2814666 - ETPRO TROJAN Win32/Banload.WPZ Retrieving Payload
(trojan.rules)
        2814681 - ETPRO TROJAN Suspicious Terse Download Request to
Rghost.net (trojan.rules)
        2814682 - ETPRO TROJAN Suspicious Download Request to Rghost.net 1
(trojan.rules)
        2814683 - ETPRO TROJAN Suspicious Download Request to Rghost.net 2
(trojan.rules)
        2814686 - ETPRO MOBILE_MALWARE Android/DroidRooter.B Checkin
(mobile_malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team