[Emerging-Sigs] Daily Ruleset Update Summary 2020/03/06

Jack Mott jmott at emergingthreats.net
Fri Mar 6 14:02:11 HST 2020


[***]            Summary:            [***]

 3 new Open, 18 new Pro (3 + 15). Kimsuky, Backdoor.Win32.Agent.myttae,
More_eggs, Win32/Kankoshev, and VARIOUS PHISHING.

TIIF

 Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029584 - ET TROJAN Backdoor.Win32.Agent.myttae User-Agent (trojan.rules)
  2029585 - ET TROJAN Legion Loader Activity Observed (heil_moloch) (trojan.rules)
  2029586 - ET TROJAN Kimsuky Related Host Data Exfil (trojan.rules)

Pro:

  2841403 - ETPRO TROJAN More_eggs CnC Activity (trojan.rules)
  2841404 - ETPRO EXPLOIT Blue Angel Software Suite - Authenticated Command Execution (exploit.rules)
  2841405 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2841406 - ETPRO TROJAN Win32/Vidar/Arkei/Oski Variant Stealer Uploading System Information M2 (trojan.rules)
  2841407 - ETPRO TROJAN Win32/Vidar/Arkei/Oski Variant Retrieving Payload (trojan.rules)
  2841408 - ETPRO TROJAN Win32/Kankoshev CnC Activity (trojan.rules)
  2841409 - ETPRO TROJAN Win32/Injector.EKXA Variant CnC Activity (trojan.rules)
  2841410 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-06 (current_events.rules)
  2841411 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-06 (current_events.rules)
  2841412 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-03-06 (current_events.rules)
  2841413 - ETPRO TROJAN Inbound Invoke-PowerShellTcp Observed (trojan.rules)
  2841414 - ETPRO TROJAN Win32/Remcos RAT Checkin 359 (trojan.rules)
  2841415 - ETPRO TROJAN Win32/Remcos RAT Checkin 360 (trojan.rules)
  2841416 - ETPRO TROJAN Win32/Remcos RAT Checkin 361 (trojan.rules)

[///]     Modified active rules:     [///]

  2018095 - ET MALWARE Potentially Unwanted Application AirInstaller (malware.rules)
  2018119 - ET TROJAN Banking Trojan HTTP Cookie (trojan.rules)
  2018247 - ET TROJAN Snake rootkit usermode-centric client request (trojan.rules)
  2019166 - ET TROJAN Stobox Connectivity Check (trojan.rules)
  2019377 - ET TROJAN Win32/Ursnif Checkin (trojan.rules)
  2019626 - ET TROJAN Cohhoc RAT CnC Response (trojan.rules)
  2019748 - ET WEB_SERVER FOX-SRT - Backdoor - CryptoPHP Shell C2 POST (web_server.rules)
  2020301 - ET TROJAN Dridex POST CnC Beacon 2 (trojan.rules)
  2020324 - ET POLICY Onion2Web Tor Proxy Cookie (policy.rules)
  2020369 - ET TROJAN Common Upatre URI/Headers Struct (trojan.rules)
  2020746 - ET TROJAN Win32.Chroject.B Retrieving encoded payload (trojan.rules)
  2020898 - ET TROJAN Possible APT30 or Win32/Nuclear HTTP Framework POST (trojan.rules)
  2021616 - ET TROJAN PSEmpire Checkin via POST (trojan.rules)
  2022008 - ET TROJAN MWI Maldoc Stats Callout Oct 28 (trojan.rules)
  2022049 - ET INFO Possible MSXMLHTTP Request (no .exe) (info.rules)
  2022281 - ET TROJAN Win32/Nivdort Posting Data 2 (trojan.rules)
  2025922 - ET TROJAN Win32/Bisonal CnC Checkin (trojan.rules)
  2826206 - ETPRO TROJAN AZORult Variant.2 Checkin (trojan.rules)
  2826232 - ETPRO TROJAN AZORult Variant.2 Checkin m2 (trojan.rules)
  2826244 - ETPRO CURRENT_EVENTS Astrum EK Landing M1 May 03 2017 (current_events.rules)
  2826245 - ETPRO CURRENT_EVENTS Astrum EK Landing M2 May 03 2017 (current_events.rules)
  2826432 - ETPRO TROJAN TR/Agent.ybjxp Backdoor Request May 17 2017 (trojan.rules)
  2826510 - ETPRO TROJAN MSIL/TrojanDownloader.Agent.DJC Reporting Infection via FTP (trojan.rules)
  2826703 - ETPRO TROJAN BadPasta sending info via SMTP (trojan.rules)

[---]         Disabled rules:        [---]

  2020302 - ET TROJAN Dridex Post Checkin Activity 2 (trojan.rules)