[Emerging-Sigs] Daily Ruleset Update Summary 2020/06/29

Jason Taylor jastaylor at emergingthreats.net
Mon Jun 29 14:17:40 HDT 2020


[***]            Summary:            [***]

6 new OPEN, 35 new PRO (6 + 29). RezoStealer, LumOffice, LokiBot,
Win32/TMKv3, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5
rule syntax/keywords. A complete list of rules that were changed can
be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-06-29T22:58:40.txt

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030403 - ET TROJAN RezoStealer CnC Checkin (trojan.rules)
2030404 - ET CURRENT_EVENTS Successful Lucy Server Phish (current_events.rules)
2030405 - ET CURRENT_EVENTS Successful Wombat Phishing Test (current_events.rules)
2030406 - ET CURRENT_EVENTS T-Mobile Phishing Landing (current_events.rules)
2030407 - ET TROJAN LumOffice Checkin (trojan.rules)
2030408 - ET POLICY LumOffice Uploading Screenshot (policy.rules)

Pro:

2843231 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.PDAK-6 CnC Beacon (mobile_malware.rules)
2843232 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2843233 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2843234 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-26 1) (trojan.rules)
2843235 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-06-29 (current_events.rules)
2843236 - ETPRO CURRENT_EVENTS Successful Mimecast Phish 2020-06-29 (current_events.rules)
2843237 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-06-29 (current_events.rules)
2843238 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-06-29 (current_events.rules)
2843239 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2020-06-29 (current_events.rules)
2843240 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-06-29 (current_events.rules)
2843241 - ETPRO CURRENT_EVENTS Successful e-Devlet Phish 2020-06-29 (current_events.rules)
2843242 - ETPRO CURRENT_EVENTS Successful Google Account Phish 2020-06-29 (current_events.rules)
2843243 - ETPRO CURRENT_EVENTS Successful Made in China Phish 2020-06-29 (current_events.rules)
2843244 - ETPRO CURRENT_EVENTS Successful TikTok Phish 2020-06-29 (current_events.rules)
2843245 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-06-29 (current_events.rules)
2843246 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-06-29 (current_events.rules)
2843247 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-06-29 (current_events.rules)
2843248 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2020-06-29 (current_events.rules)
2843249 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-06-29 (current_events.rules)
2843250 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-06-29 (current_events.rules)
2843251 - ETPRO CURRENT_EVENTS Successful All South Federal Credit Union Phish 2020-06-29 (current_events.rules)
2843252 - ETPRO TROJAN Win32/TMKv3 CnC Checkin (trojan.rules)
2843253 - ETPRO TROJAN Win32/Agent.AAON Variant Checkin (trojan.rules)
2843254 - ETPRO TROJAN Win32/Remcos RAT Checkin 470 (trojan.rules)
2843255 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2843256 - ETPRO WEB_CLIENT LokiBot Panel Accessed on Externally Compromised Server (web_client.rules)
2843257 - ETPRO WEB_CLIENT LokiBot Panel Accessed on Internally Compromised Server (web_client.rules)
2843258 - ETPRO CURRENT_EVENTS Microsoft Credential Landing 2020-06-29 (current_events.rules)
2843259 - ETPRO TROJAN Win32/Injector.DGXX Variant (trojan.rules)

[+++]         Enabled rules:         [+++]

2842821 - ETPRO TROJAN Java/Ratty Windows Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2020936 - ET TROJAN PunkeyPOS HTTP CnC Beacon 2 (trojan.rules)
2022654 - ET TROJAN Genome User-Agent (Http Down) (trojan.rules)
2022655 - ET TROJAN IrcBot Fantasy Name Gen (trojan.rules)
2022665 - ET TROJAN Ransomware Locky CnC Beacon (trojan.rules)
2842546 - ETPRO TROJAN SamoRAT CnC Host Checkin (trojan.rules)
2842547 - ETPRO TROJAN SamoRAT CnC Activity (trojan.rules)

