[Emerging-Sigs] Daily Ruleset Update Summary 2020/03/17

Jason Williams jwilliams at emergingthreats.net
Tue Mar 17 13:24:51 HDT 2020


[***]            Summary:            [***]

  5 new Open, 22 new Pro (5 + 17). Higaisa CnC, SandCat, Cobalt Strike,
Presenoker, Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2029639 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
  2029640 - ET TROJAN Higaisa CnC Activity (trojan.rules)
  2029641 - ET TROJAN Win32/Unk.Joia CnC Activity (trojan.rules)
  2029642 - ET TROJAN Observed Malicious SSL Cert (Win32/SandCat CnC) (trojan.rules)
  2029643 - ET TROJAN Win32/SandCat CnC Checkin (trojan.rules)

 Pro:

  2841535 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-17 1) (trojan.rules)
  2841536 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-17 2) (trojan.rules)
  2841537 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-17 3) (trojan.rules)
  2841538 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-17 4) (trojan.rules)
  2841539 - ETPRO CURRENT_EVENTS Successful Bancolumbia Phish 2020-03-17 (current_events.rules)
  2841540 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish 2020-03-17 (current_events.rules)
  2841541 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-17 (current_events.rules)
  2841542 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-17 (current_events.rules)
  2841543 - ETPRO CURRENT_EVENTS Successful Generic BR Bank Phish 2020-03-17 (current_events.rules)
  2841544 - ETPRO CURRENT_EVENTS Successful Amazon JP Phish 2020-03-17 (current_events.rules)
  2841545 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2020-03-17 (current_events.rules)
  2841546 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-17 (current_events.rules)
  2841547 - ETPRO CURRENT_EVENTS Successful Square Phish 2020-03-17 (current_events.rules)
  2841548 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2020-03-17 (current_events.rules)
  2841549 - ETPRO CURRENT_EVENTS Successful Standard Bank Online Phish 2020-03-17 (current_events.rules)
  2841550 - ETPRO TROJAN Win32/Presenoker CnC Checkin (trojan.rules)
  2841551 - ETPRO MALWARE Win32/Presenoker Requesting Batch File M10 (malware.rules)

[///]     Modified active rules:     [///]

  2806943 - ETPRO TROJAN Win32/Nefyn.A POST (trojan.rules)
  2808472 - ETPRO TROJAN PWS-Banker!dg Callback (trojan.rules)
  2808570 - ETPRO TROJAN Win32.Sisron.B Checkin 2 (trojan.rules)
  2809407 - ETPRO MALWARE Win32.SkySTools.A Checkin (malware.rules)
  2809576 - ETPRO EXPLOIT Arris Cable Modem Backdoor Cookie 2 (exploit.rules)
  2809652 - ETPRO TROJAN Chthonic Bot CnC Beacon 1 (trojan.rules)
  2834683 - ETPRO TROJAN Possible Danabot CnC Checkin Request (flowbit set) (trojan.rules)

[---]         Disabled rules:        [---]

  2808285 - ETPRO TROJAN Win32.Tooka.a Checkin (trojan.rules)