[Emerging-Sigs] Daily Ruleset Update Summary 2020/06/16

Brandon Murphy bmurphy at emergingthreats.net
Tue Jun 16 14:13:48 HDT 2020


[***]            Summary:            [***]

4 new OPEN, 26 new PRO (4 + 22). Lemon_Duck, Win32/Corrempa, FRat, Various Phishing

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030343 - ET TROJAN Observed Malicious SSL Cert (OceanLotus APT CnC) (trojan.rules)
2030344 - ET TROJAN Cobalt Strike Malleable C2 (Safebrowse Profile) POST (trojan.rules)
2030345 - ET SCAN Zmap User-Agent (Outbound) (scan.rules)
2030346 - ET TROJAN FRat WebSockets Request M2 (trojan.rules)

Pro:

2843045 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2843046 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-06-16 (current_events.rules)
2843047 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-06-16 (current_events.rules)
2843048 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-06-16 (current_events.rules)
2843049 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-06-16 (current_events.rules)
2843050 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-06-16 (current_events.rules)
2843051 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M7 (trojan.rules)
2843052 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M8 (trojan.rules)
2843053 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M9 (trojan.rules)
2843054 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M10 (trojan.rules)
2843055 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2843056 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2843057 - ETPRO TROJAN FRat Powershell Loader CnC Activity M1 (trojan.rules)
2843058 - ETPRO TROJAN FRat Powershell Loader CnC Activity M2 (trojan.rules)
2843059 - ETPRO TROJAN Win32/Remcos RAT Checkin 463 (trojan.rules)
2843060 - ETPRO TROJAN FRat Powershell Loader CnC Activity M3 (trojan.rules)
2843061 - ETPRO TROJAN FRat Powershell Loader CnC Activity M5 (trojan.rules)
2843062 - ETPRO CURRENT_EVENTS Successful Dr Martens Phish 2020-06-16 (current_events.rules)
2843063 - ETPRO CURRENT_EVENTS Successful Google Phish 2020-06-16 (current_events.rules)
2843064 - ETPRO TROJAN BabyShark CnC Checkin (trojan.rules)
2843065 - ETPRO TROJAN Win32/Corrempa CnC Checkin (trojan.rules)
2843066 - ETPRO POLICY Observed MultiMiner User-Agent (policy.rules)

[///]     Modified active rules:     [///]

2029054 - ET SCAN Zmap User-Agent (Inbound) (scan.rules)
2030122 - ET TROJAN Zebrocy Screenshot Upload (trojan.rules)
2030279 - ET TROJAN FRat WebSocket Request M1 (trojan.rules)

[---]         Removed rules:         [---]

2815134 - ETPRO USER_AGENTS Zmap User-Agent (zgrab) (user_agents.rules)