[Emerging-Sigs] Daily Ruleset Update Summary 2020/03/10

James Emery-Callcott jcallcott at emergingthreats.net
Tue Mar 10 15:52:10 HDT 2020


[***]            Summary:            [***]

  4 new Open, 20 new Pro (4 + 16).  CVE-2020-0796, Win32/DiamondFox
Variant, Various SSL/TLS, Various Phish, Others.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029602 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
  2029603 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
  2029604 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
  2029605 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)

Pro:

  2841440 - ETPRO TROJAN Win32/DiamondFox Variant CnC Checkin (trojan.rules)
  2841441 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 1) (trojan.rules)
  2841442 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 2) (trojan.rules)
  2841443 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 3) (trojan.rules)
  2841444 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 4) (trojan.rules)
  2841445 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 5) (trojan.rules)
  2841446 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 6) (trojan.rules)
  2841447 - ETPRO CURRENT_EVENTS Successful Xiaomi Cloud Phish 2020-03-10 (current_events.rules)
  2841448 - ETPRO CURRENT_EVENTS Successful Virgin Mobile Account Phish 2020-03-10 (current_events.rules)
  2841449 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-03-10 (current_events.rules)
  2841450 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-03-10 (current_events.rules)
  2841451 - ETPRO CURRENT_EVENTS Successful Generic Webapp Phish 2020-03-10 (current_events.rules)
  2841452 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-03-10 (current_events.rules)
  2841453 - ETPRO EXPLOIT Possible SMBv3 Exploitation Attempt (CVE-2020-0796) (exploit.rules)
  2841454 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
  2841455 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)

[///]     Modified active rules:     [///]

  2015471 - ET WEB_SPECIFIC_APPS joomla com_edir controller parameter Local File Inclusion vulnerability (web_specific_apps.rules)
  2029594 - ET TROJAN Observed Malicious SSL Cert (MonetizUs/LNKR) (trojan.rules)
  2029595 - ET TROJAN Observed Malicious SSL Cert (MonetizUs/LNKR) (trojan.rules)
  2826327 - ETPRO TROJAN W32/Emotet Empty CnC Beacon (trojan.rules)
  2826342 - ETPRO TROJAN MSIL/Agent.AUK CnC Checkin (trojan.rules)
  2826362 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 6 (mobile_malware.rules)
  2826431 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ay SMS Exfil 3 (mobile_malware.rules)
  2826455 - ETPRO MOBILE_MALWARE Android/Agent.AKX Checkin (mobile_malware.rules)
  2826461 - ETPRO TROJAN MSIL/ClipBanker.BX CnC Checkin (trojan.rules)
  2826479 - ETPRO MOBILE_MALWARE Android.Trojan.Agent.GE Checkin (mobile_malware.rules)
  2826484 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.hh SMS Exfil (mobile_malware.rules)
  2826505 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 7 (mobile_malware.rules)
  2826506 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 8 (mobile_malware.rules)
  2826511 - ETPRO MOBILE_MALWARE Unknown Android Loader CnC Beacon (mobile_malware.rules)
  2826515 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.PP CnC Beacon (mobile_malware.rules)
  2826529 - ETPRO MOBILE_MALWARE Android/Agent.LK CnC Beacon 2 (mobile_malware.rules)
  2826562 - ETPRO TROJAN Hidden-Tear Ransomware Variant CnC Checkin (trojan.rules)
  2826598 - ETPRO TROJAN ROKRAT Checkin (trojan.rules)
  2826599 - ETPRO TROJAN ROKRAT Checkin 2 (trojan.rules)

[---]         Removed rules:         [---]

  2029592 - ET INFO MonetizeUs Outbound Activity Observed M1 (info.rules)
  2029593 - ET INFO MonetizeUs Outbound Activity Observed M2 (info.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team