[Emerging-Sigs] Daily Ruleset Update Summary 2020/06/26

Jack Mott jmott at emergingthreats.net
Fri Jun 26 13:27:03 HDT 2020


 [***]            Summary:            [***]

3 new OPEN, 33 new PRO (3 + 30). IndigoDrop/Cobalt Strike, RCtrl Backdoor CnC, ToxicEye Stealer, Various SSL, VARIOUS PHISH.

TIIF.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030400 - ET TROJAN Possible IndigoDrop/Cobalt Strike Download (trojan.rules)
  2030401 - ET TROJAN RCtrl Backdoor CnC Checkin M1 (trojan.rules)
  2030402 - ET POLICY COCCOC Browser (VN) Installed (policy.rules)

Pro:

  2843202 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-06-26) (trojan.rules)
  2843203 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC) (trojan.rules)
  2843204 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-06-26 2) (trojan.rules)
  2843205 - ETPRO TROJAN Malicious Encoded EXE Inbound (trojan.rules)
  2843206 - ETPRO TROJAN ToxicEye Stealer Checkin via Telegram (trojan.rules)
  2843207 - ETPRO TROJAN ToxicEye Stealer Command via Telegram (starting autostealer) (trojan.rules)
  2843208 - ETPRO TROJAN ToxicEye Stealer Command via Telegram (uploading file) (trojan.rules)
  2843209 - ETPRO TROJAN ToxicEye Stealer Credit Card Exfil via Telegram (trojan.rules)
  2843210 - ETPRO TROJAN ToxicEye Stealer Cookies Exfil via Telegram (trojan.rules)
  2843211 - ETPRO TROJAN ToxicEye Stealer Passwords Exfil via Telegram (trojan.rules)
  2843212 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2843213 - ETPRO TROJAN MSIL/Spy.Small.EU Variant exfil (firefoxpwd) (trojan.rules)
  2843216 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-26 (current_events.rules)
  2843217 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-26 (current_events.rules)
  2843218 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-26 (current_events.rules)
  2843219 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2020-06-26 (current_events.rules)
  2843220 - ETPRO CURRENT_EVENTS Successful China Mobile Phish 2020-06-26 (current_events.rules)
  2843221 - ETPRO CURRENT_EVENTS Successful Shaw Webmail Phish 2020-06-26 (current_events.rules)
  2843222 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-06-26 (current_events.rules)
  2843223 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-26 (current_events.rules)
  2843224 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-26 (current_events.rules)
  2843225 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-06-26 (current_events.rules)
  2843226 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-06-26 (current_events.rules)
  2843227 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-26 (current_events.rules)
  2843229 - ETPRO CURRENT_EVENTS Wells Fargo Phish 2020-06-26 (current_events.rules)
  2843228 - ETPRO TROJAN PawnBAT CnC Activity (getjob) (trojan.rules)
  2843230 - ETPRO TROJAN PawnBAT CnC Activity (active) (trojan.rules)
  2843201 - ETPRO TROJAN PawnBAT CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

  2821683 - ETPRO SCADA DNP3 Cold Restart (scada.rules)

[---]  Disabled and modified rules:  [---]

  2812204 - ETPRO TROJAN Nlex UDP CnC Beacon (trojan.rules)

[---]         Disabled rules:        [---]

  2812203 - ETPRO TROJAN Nlex TCP CnC Beacon (trojan.rules)