[Emerging-Sigs] Daily Ruleset Update Summary 2020/06/24

Jack Mott jmott at emergingthreats.net
Wed Jun 24 14:12:40 HDT 2020


[***]            Summary:            [***]

9 new OPEN, 26 new PRO (9 + 17). HiveRAT, Various Protocol Exploits,
Win32/Dogrobot.D, Win32/Spy.Vlogger.AA Variant, VARIOUS PHISHING.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030383 - ET TROJAN HiveRAT CnC Activity (trojan.rules)
  2030384 - ET POLICY Suspicious Terse Request for .bmp (policy.rules)
  2030385 - ET EXPLOIT Possible CVE-2020-11896/CVE-2020-11898 Fragments inside IP-in-IP tunnel (exploit.rules)
  2030386 - ET EXPLOIT Possible CVE-2020-11897 IPv6 deprecated RH Type 0 source routing attack (exploit.rules)
  2030387 - ET EXPLOIT Possible CVE-2020-11899 Multicast out-of-bound read (exploit.rules)
  2030388 - ET EXPLOIT Possible CVE-2020-11900 IP-in-IP tunnel Double-Free (exploit.rules)
  2030389 - ET EXPLOIT Possible CVE-2020-11902 ICMPv4 parameter problem with tunnel inside (exploit.rules)
  2030390 - ET EXPLOIT Possible CVE-2020-11910 anomalous ICMPv4 type 3, code 4 Path MTU Discovery (exploit.rules)
  2030391 - ET EXPLOIT Possible CVE-2020-1191 anomalous ICMPv4 Address Mask Reply message (type 18, code 0) (exploit.rules)

Pro:

  2843173 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC) (trojan.rules)
  2843174 - ETPRO TROJAN Win32/Dogrobot.D Checkin (trojan.rules)
  2843175 - ETPRO TROJAN Possible Unk.GradlewStealer Server Response (trojan.rules)
  2843176 - ETPRO CURRENT_EVENTS Successful Bank of Guam Phish 2020-06-24 (current_events.rules)
  2843177 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-06-24 (current_events.rules)
  2843178 - ETPRO CURRENT_EVENTS Successful myGov Phish 2020-06-24 (current_events.rules)
  2843179 - ETPRO CURRENT_EVENTS Successful au ID Phish 2020-06-24 (current_events.rules)
  2843180 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-06-24 (current_events.rules)
  2843181 - ETPRO CURRENT_EVENTS Possible Successful Generic Res Phish 2020-06-24 (current_events.rules)
  2843182 - ETPRO CURRENT_EVENTS Possible Successful Generic Res Phish 2020-06-24 (current_events.rules)
  2843183 - ETPRO CURRENT_EVENTS Possible Successful Generic Res Phish 2020-06-24 (current_events.rules)
  2843184 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-06-24 (current_events.rules)
  2843185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-24 1) (trojan.rules)
  2843186 - ETPRO TROJAN Win32/Spy.Vlogger.AA Variant CnC Host Checkin (trojan.rules)
  2843187 - ETPRO TROJAN Win32/Spy.Vlogger.AA Variant CnC Activity (trojan.rules)
  2843188 - ETPRO TROJAN Win32/Spy.Vlogger.AA Variant CnC Commands (trojan.rules)
  2843189 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2020-06-24 (current_events.rules)

[///]     Modified active rules:     [///]

  2010645 - ET POLICY User-Agent (Launcher) (policy.rules)
  2015898 - ET INFO Suspicious Windows NT version 1 User-Agent (info.rules)
  2017174 - ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect (web_server.rules)
  2017175 - ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirectAction (web_server.rules)
  2017176 - ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 action (web_server.rules)
  2019165 - ET TROJAN Possible Banload Downloading Executable (trojan.rules)
  2019831 - ET TROJAN W32/Syndicasec.Backdoor CnC Beacon (trojan.rules)
  2022518 - ET EXPLOIT D-Link DCS-930L Remote Command Execution attempt (exploit.rules)
  2022529 - ET TROJAN W32/GCman.Backdoor CnC Beacon (trojan.rules)
  2022533 - ET POLICY HotSpotShield Activity (policy.rules)
  2022541 - ET TROJAN Possible OceanLotus C2 Checkin (trojan.rules)
  2022564 - ET TROJAN Operation Blockbuster User-Agent (Mozillar) (trojan.rules)
  2022568 - ET TROJAN Likely PadCrypt Locker PKG DL (trojan.rules)
  2022595 - ET TROJAN Dridex Base64 Executable (trojan.rules)
  2022596 - ET WEB_SERVER Possible Custom Content Type Manager WP Backdoor Access (web_server.rules)
  2808365 - ETPRO TROJAN Worm.Win32/Ganelp.G Possible FTP USER (trojan.rules)
  2811888 - ETPRO TROJAN Python/Peppy RAT Checkin (trojan.rules)
  2812347 - ETPRO MOBILE_MALWARE Android Trojan BadMirror Checkin (mobile_malware.rules)
  2815169 - ETPRO TROJAN Win32/Kapahyku.A Activity 1 (trojan.rules)
  2815175 - ETPRO TROJAN Ursnif Inject CnC (trojan.rules)
  2816057 - ETPRO TROJAN Win32/iSpySoft PWS Asset Download (trojan.rules)
  2816191 - ETPRO CURRENT_EVENTS USPS Phishing Landing 2016-02-10 (current_events.rules)
  2816203 - ETPRO TROJAN Win32/TrojanProxy.Agent.NZU HTTP Request to Baidu (trojan.rules)
  2816217 - ETPRO TROJAN Loxes CnC Beacon (trojan.rules)
  2816219 - ETPRO TROJAN Loxes CnC Beacon Response (trojan.rules)
  2816233 - ETPRO TROJAN AlphaBot CnC Post (trojan.rules)
  2816285 - ETPRO CURRENT_EVENTS Successful Mailbox Update Phish 2016-02-17 M2 (current_events.rules)
  2816287 - ETPRO TROJAN Tendrit CnC Beacon 4 (trojan.rules)
  2816289 - ETPRO CURRENT_EVENTS Google Maps Phishing Landing 2016-02-17 (current_events.rules)
  2816292 - ETPRO CURRENT_EVENTS Possible Phishing Landing - Data URI Inline Javascript 2016-02-09 (current_events.rules)
  2816297 - ETPRO TROJAN Andromeda CnC 2 (trojan.rules)
  2816312 - ETPRO TROJAN MSIL/TrojanDownloader.Small.AFQ CnC Checkin (trojan.rules)
  2816314 - ETPRO TROJAN Win32/Agent.XRA (Robo) Downloading Module 1 (trojan.rules)
  2816315 - ETPRO TROJAN Win32/Agent.XRA (Robo) Downloading Module 2 (trojan.rules)
  2816335 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.i Checkin (mobile_malware.rules)
  2816339 - ETPRO CURRENT_EVENTS Magnitude EK Flash Payload Feb 19 2016 (current_events.rules)
  2816340 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.U Checkin (mobile_malware.rules)
  2816362 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.ds Checkin (mobile_malware.rules)
  2816369 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.AW Checkin (mobile_malware.rules)
  2816374 - ETPRO TROJAN Win32/CryptoLocker Variant CnC Checkin (trojan.rules)
  2816379 - ETPRO TROJAN MBot CnC Checkin (trojan.rules)
  2816384 - ETPRO TROJAN Win32/Kaicone.B Checkin 1 (trojan.rules)
  2816385 - ETPRO TROJAN Win32/Kaicone.B Checkin 2 (trojan.rules)
  2816386 - ETPRO TROJAN Win32/Kaicone.B User Agent (trojan.rules)
  2816394 - ETPRO TROJAN Nymaim Checkin 5 (set) (trojan.rules)
  2816399 - ETPRO TROJAN MSIL/Agent.GX Variant CnC Checkin (trojan.rules)
  2816400 - ETPRO TROJAN MSIL/Agent.GX Variant CnC Beacon (trojan.rules)
  2816402 - ETPRO TROJAN Yeegram Downloader HTTP Request (trojan.rules)
  2816421 - ETPRO CURRENT_EVENTS USAA Phishing Landing 2016-02-26 (current_events.rules)
  2816432 - ETPRO TROJAN Win32/Kaicone.B Checkin 3 (trojan.rules)
  2816435 - ETPRO TROJAN ZeroHTTP Bot CnC Beacon (trojan.rules)
  2816453 - ETPRO CURRENT_EVENTS Successful Apple Phishing 2016-03-01 M3 (current_events.rules)
  2816456 - ETPRO CURRENT_EVENTS Apple Phishing Landing 2016-03-01 M2 (current_events.rules)
  2816457 - ETPRO CURRENT_EVENTS Apple Phishing Landing 2016-03-01 M3 (current_events.rules)
  2816458 - ETPRO CURRENT_EVENTS Successful Apple Phishing 2016-03-01 M5 (current_events.rules)
  2816467 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.BJ Checkin (mobile_malware.rules)
  2816471 - ETPRO TROJAN Win32/VB.RZA Connectivity Check (trojan.rules)
  2816472 - ETPRO TROJAN 3r0rXx HTTP/DDoS Bot CnC Checkin (trojan.rules)
  2816487 - ETPRO TROJAN Ransomware MM Locker CnC Activity (trojan.rules)
  2816488 - ETPRO TROJAN Ransomware MM Locker CnC Key Exchange (trojan.rules)
  2816502 - ETPRO TROJAN W32/SpyNet RAT Checkin (trojan.rules)
  2816520 - ETPRO TROJAN Win32/TrojanClicker.Agent.NMN Activity (trojan.rules)
  2816522 - ETPRO TROJAN Win32/Liphyra HTTP Bot CnC Checkin (trojan.rules)
  2816539 - ETPRO TROJAN PadCrypt CnC Checkin 3 (trojan.rules)
  2816569 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.GP Checkin (mobile_malware.rules)
  2816572 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.FK Checkin (mobile_malware.rules)
  2816573 - ETPRO TROJAN Win32/Spatet.E Checkin (trojan.rules)
  2816596 - ETPRO TROJAN MSIL/PSW.Agent.PQQ Activity (trojan.rules)
  2816619 - ETPRO CURRENT_EVENTS Ursnif Payload via Document Macro Mar 10 (current_events.rules)
  2816620 - ETPRO TROJAN W32/Syndicasec.Backdoor Downloader Retrieving Payload (trojan.rules)
  2816621 - ETPRO TROJAN W32/Syndicasec.Backdoor Downloader CnC Beacon 1 (trojan.rules)
  2831862 - ETPRO CURRENT_EVENTS Possible Successful Generic Res Phish 2018-07-18 (current_events.rules)