[Emerging-Sigs] Daily Ruleset Update Summary 2020/03/16

Jason Williams jwilliams at emergingthreats.net
Mon Mar 16 14:10:00 HDT 2020


[***]            Summary:            [***]

  2 new Open, 22 new Pro (2 + 22). Azorult, Mirai, Remcos, Various Phish,
Various rule updates and metadata reference fixes.

  Tks @James_inthe_box

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2029637 - ET TROJAN HTTPTool User-Agent (trojan.rules)
  2029638 - ET POLICY DNS Query to DynDNS *.dyn-ip24 .de Domain (policy.rules)

 Pro:

  2841512 - ETPRO TROJAN ELF/Various Mirai/Gafygt Infected Device Checkin (trojan.rules)
  2841514 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-14 1) (trojan.rules)
  2841515 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-03-16 (current_events.rules)
  2841516 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-14 2) (trojan.rules)
  2841517 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-03-16 (current_events.rules)
  2841518 - ETPRO CURRENT_EVENTS Successful AOL Phish 2020-03-16 (current_events.rules)
  2841519 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-16 (current_events.rules)
  2841520 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-03-16 (current_events.rules)
  2841521 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-16 (current_events.rules)
  2841522 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-16 (current_events.rules)
  2841523 - ETPRO CURRENT_EVENTS Successful CapitalOne Phish 2020-03-16 (current_events.rules)
  2841524 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-03-16 (current_events.rules)
  2841525 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-03-16 (current_events.rules)
  2841526 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-03-16 (current_events.rules)
  2841527 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
  2841528 - ETPRO TROJAN MSIL/Agent.TQA CnC Checkin (trojan.rules)
  2841529 - ETPRO TROJAN Win32/Remcos RAT Checkin 366 (trojan.rules)
  2841530 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-03-16 (trojan.rules)
  2841531 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
  2841532 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)

 [///]     Modified active rules:     [///]

  2018512 - ET MALWARE Adware.MultiInstaller (malware.rules)
  2018530 - ET TROJAN Win32.Trojan.Agent.U3D7V0 Checkin (trojan.rules)
  2019779 - ET MALWARE PUP Win32/ELEX Checkin (malware.rules)
  2021118 - ET TROJAN SPEAR CnC Beacon (trojan.rules)
  2021119 - ET TROJAN SPEAR CnC Beacon 2 (trojan.rules)
  2021983 - ET POLICY Possible ethereum traffic (policy.rules)
  2023081 - ET TROJAN Curso Banker.BR Checkin (trojan.rules)
  2023424 - ET TROJAN SA Banker Checkin (trojan.rules)
  2024425 - ET TROJAN OSX OceanLotus Checkin (trojan.rules)
  2025145 - ET TROJAN Win32/Backdoor.Randrew.A CnC Checkin (trojan.rules)
  2026851 - ET TROJAN TeamBot CnC Activity (trojan.rules)
  2800860 - ETPRO WEB_SPECIFIC_APPS FreePBX Recording Interface Directory Traversal (web_specific_apps.rules)
  2800962 - ETPRO WEB_SPECIFIC_APPS Symantec IM Manager IMAdminScheduleReport.asp SQL Injection via email parameter (web_specific_apps.rules)
  2801946 - ETPRO WEB_SPECIFIC_APPS Majordomo Directory Traversal Attempt (web_specific_apps.rules)
  2803269 - ETPRO TROJAN Dynamer.dtc/Keylog.km0/Uaneskeylogger.pl Keylogger User-Agent Oddity (trojan.rules)
  2805862 - ETPRO MOBILE_MALWARE Android/Adware.Uapush.A Checkin (mobile_malware.rules)
  2807232 - ETPRO TROJAN Trojan.Agent.29683 PDF Checkin (trojan.rules)
  2807321 - ETPRO TROJAN Trojan-Dropper.MSIL.Agent.akze Checkin (trojan.rules)
  2807636 - ETPRO TROJAN Trojan-Banker.Win32.Agent.ree Checkin (trojan.rules)
  2807881 - ETPRO TROJAN TrojanDownloader Win32/Waledac.C .exe download 2 (trojan.rules)
  2808010 - ETPRO MALWARE Win32.Boaxxe.BL windowsupdate connectivity check (malware.rules)
  2808169 - ETPRO TROJAN Connectivity Check/Trojan-Downloader.Win32.Genome (trojan.rules)
  2808186 - ETPRO TROJAN suspicious User-Agent and Request on Unusual Port Win32/Jeefo.A (trojan.rules)
  2808187 - ETPRO MALWARE .exe and suspicious User-Agent Win32/FakeVimes (malware.rules)
  2808188 - ETPRO TROJAN Win32/Kotan suspicious User-Agent .exe (trojan.rules)
  2808195 - ETPRO TROJAN Strictor (trojan.rules)
  2808197 - ETPRO TROJAN Suspicious User-Agent Win32/Mosucker (trojan.rules)
  2808215 - ETPRO MOBILE_MALWARE Andr/SMSReg (mobile_malware.rules)
  2808274 - ETPRO TROJAN Win32/Delf.W Checkin (trojan.rules)
  2808317 - ETPRO MALWARE Adware.StartPage.AUB (malware.rules)
  2808320 - ETPRO TROJAN Win32/Expone.A Uploading information FTP (trojan.rules)
  2808853 - ETPRO TROJAN W32/Banker.GAJ!tr Checkin via SMTP (trojan.rules)
  2809334 - ETPRO TROJAN VBS/Cechip.A SSH Banner Checkin (trojan.rules)
  2811171 - ETPRO TROJAN Backdoor.Win32.Agent.dbtl Response (trojan.rules)
  2812787 - ETPRO TROJAN Downloader Agent.wsjbj Checkin 2 (trojan.rules)
  2814087 - ETPRO POLICY RealThinClient Outbound Communication (policy.rules)
  2814503 - ETPRO TROJAN Observed Known Malicious Ethereum Traffic (trojan.rules)
  2814746 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.IP Checkin (mobile_malware.rules)
  2820172 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.jl Checkin (mobile_malware.rules)
  2821410 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ue SMS Exfil (mobile_malware.rules)
  2824651 - ETPRO MOBILE_MALWARE SpyNote RAT Checkin (mobile_malware.rules)
  2824652 - ETPRO MOBILE_MALWARE SpyNote RAT Server Response (mobile_malware.rules)
  2825337 - ETPRO TROJAN Vortex Ransomware CnC Checkin (trojan.rules)
  2825798 - ETPRO TROJAN KASPERAGENT CnC Request (trojan.rules)
  2826994 - ETPRO MOBILE_MALWARE Android/Rootnik.BV Checkin (mobile_malware.rules)
  2827008 - ETPRO TROJAN MSIL/TeleBot.Backdoor Beacon To CnC (trojan.rules)
  2827066 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.edqmtx CnC Beacon (mobile_malware.rules)
  2827067 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.edqmtx CnC Beacon 2 (mobile_malware.rules)
  2827105 - ETPRO TROJAN JS/HTA Downloader Behavior M1 (trojan.rules)
  2827106 - ETPRO TROJAN JS/HTA Downloader Behavior M2 (trojan.rules)
  2827111 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A CnC Beacon (mobile_malware.rules)
  2827112 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.JX Download (mobile_malware.rules)
  2827116 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BCS Checkin (mobile_malware.rules)
  2827132 - ETPRO TROJAN MSIL/SkyNet CnC Activity (trojan.rules)
  2827140 - ETPRO MOBILE_MALWARE Android/Monitor.OwnSpy.B CnC Beacon (mobile_malware.rules)
  2827144 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK (Known Evil Keitaro TDS) Jul 14 2017 (current_events.rules)
  2827911 - ETPRO TROJAN MSIL/Unk.CoinMiner CnC Activity (trojan.rules)
  2830811 - ETPRO TROJAN Possible Qbot SSL Cert (trojan.rules)
  2831769 - ETPRO TROJAN Possible Shrug Ransomware Checkin (trojan.rules)
  2831998 - ETPRO TROJAN Possible Jenxcus Variant Exfiltrating via User-Agent (trojan.rules)
  2832198 - ETPRO MOBILE_MALWARE DonotGroup/APT-C-35 Android App C2 Response (mobile_malware.rules)

 [///]    Modified inactive rules:    [///]

  2805152 - ETPRO TROJAN HackTool.MSIL.Flooder.gen Checkin (trojan.rules)
  2827818 - ETPRO TROJAN Fake Flash Update Watering Hole Attack Domain in SNI (trojan.rules)

 [---]         Disabled rules:        [---]

  2807148 - ETPRO TROJAN Win32/Spy.Bancos.OGH Checkin (trojan.rules)