[Emerging-Sigs] Daily Ruleset Update Summary 2020/03/19

Jason Williams jwilliams at emergingthreats.net
Thu Mar 19 13:10:10 HDT 2020


[***]            Summary:            [***]

  47 Open, 72 Pro (47 + 25). Get2 CnC, Kimsuky, Remcos, Various Phish.

  42 Phishing rules were migrated from PRO to OPEN to improve community
detection of scams exploiting the COVID-19 outbreak.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2029648 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2029649 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2029650 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2029651 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2029652 - ET CURRENT_EVENTS Possible Successful Generic Phish Aug 31 2015
(current_events.rules)
  2029653 - ET CURRENT_EVENTS Successful DHL Account Phish 2015-11-03
(current_events.rules)
  2029654 - ET CURRENT_EVENTS Successful DHL Phish 2015-09-14
(current_events.rules)
  2029655 - ET CURRENT_EVENTS Successful Mailbox Update Phish 2016-02-17
(current_events.rules)
  2029656 - ET CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M2 (current_events.rules)
  2029657 - ET CURRENT_EVENTS Successful Generic Phish (302) 2016-12-16
(current_events.rules)
  2029658 - ET CURRENT_EVENTS Microsoft Office Phishing Landing 2016-12-18
(current_events.rules)
  2029659 - ET CURRENT_EVENTS Successful DHL Phish (Meta HTTP-Equiv
Refresh) 2017-02-08 (current_events.rules)
  2029660 - ET CURRENT_EVENTS Successful Generic Phish - Fake Loading Page
2017-08-03 (current_events.rules)
  2029661 - ET CURRENT_EVENTS Successful Facebook Mobile Phish 2017-08-15
(current_events.rules)
  2029662 - ET CURRENT_EVENTS Successful Generic .EDU Phish Aug 17 2017
(current_events.rules)
  2029663 - ET CURRENT_EVENTS Successful OX App Suite Phish 2017-10-12
(current_events.rules)
  2029664 - ET CURRENT_EVENTS Successful Generic 000webhostapp.com Phish
2017-10-27 (current_events.rules)
  2029665 - ET CURRENT_EVENTS Successful Facebook Phish 2018-01-26
(current_events.rules)
  2029666 - ET CURRENT_EVENTS Successful Generic Personalized Phish
2018-09-27 M2 (current_events.rules)
  2029667 - ET CURRENT_EVENTS Successful Fedex/DHL Phish 2018-10-22
(current_events.rules)
  2029668 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-29
(current_events.rules)
  2029669 - ET CURRENT_EVENTS Successful Generic Personalized Phish
2019-02-13 (current_events.rules)
  2029670 - ET CURRENT_EVENTS Successful Generic Mailbox Phish 2019-03-07
(current_events.rules)
  2029671 - ET CURRENT_EVENTS Successful Generic Personalized Phish
2019-03-11 (current_events.rules)
  2029672 - ET CURRENT_EVENTS Successful Facebook Phish 2019-04-12
(current_events.rules)
  2029673 - ET CURRENT_EVENTS Successful Facebook Phish 2019-04-26
(current_events.rules)
  2029674 - ET CURRENT_EVENTS Successful Interac Phish 2019-05-15
(current_events.rules)
  2029675 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-06-04 (current_events.rules)
  2029676 - ET CURRENT_EVENTS Successful Geneneric Credit Card Information
Phish 2019-08-02 (current_events.rules)
  2029677 - ET CURRENT_EVENTS Successful Facebook Phish 2019-08-29
(current_events.rules)
  2029678 - ET CURRENT_EVENTS Successful Facebook Phish 2019-08-29
(current_events.rules)
  2029679 - ET CURRENT_EVENTS Successful DHL Phish 2019-10-18
(current_events.rules)
  2029680 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-11-04 (current_events.rules)
  2029681 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2019-11-06
(current_events.rules)
  2029682 - ET CURRENT_EVENTS Successful Apple Phish 2019-12-18
(current_events.rules)
  2029683 - ET CURRENT_EVENTS Successful Facebook Phish 2020-01-10
(current_events.rules)
  2029684 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-27 (current_events.rules)
  2029685 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2029686 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2029687 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2029688 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2029689 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2029690 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2029691 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-25 (current_events.rules)
  2029692 - ET CURRENT_EVENTS Successful Microsoft Office Phish 2020-02-26
(current_events.rules)
  2029693 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2020-03-04
(current_events.rules)
  2029694 - ET POLICY External IP Lookup (api .ipstack .com) (policy.rules)

 Pro:

  2841593 - ETPRO TROJAN Win32/Unk.Rewbar CnC Checkin (trojan.rules)
  2841594 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841595 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-19 1) (trojan.rules)
  2841596 - ETPRO CURRENT_EVENTS Successful Personalized Adobe Phish
2020-03-19 (current_events.rules)
  2841597 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-03-19
(current_events.rules)
  2841598 - ETPRO CURRENT_EVENTS Successful Alimail Enterprise Phish
2020-03-19 (current_events.rules)
  2841599 - ETPRO CURRENT_EVENTS Successful Shared Excel Document Phish
2020-03-19 (current_events.rules)
  2841600 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-19
(current_events.rules)
  2841601 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-19
(current_events.rules)
  2841602 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-19
(current_events.rules)
  2841603 - ETPRO CURRENT_EVENTS Successful Amazon Web Services Phish
2020-03-19 (current_events.rules)
  2841604 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-03-19
(current_events.rules)
  2841605 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-03-19
(current_events.rules)
  2841606 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-19
(current_events.rules)
  2841607 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-19
(current_events.rules)
  2841608 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-19
(current_events.rules)
  2841609 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-03-19
(current_events.rules)
  2841610 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-03-19
(current_events.rules)
  2841611 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-03-19
(current_events.rules)
  2841612 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2020-03-19
(current_events.rules)
  2841613 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-19
(current_events.rules)
  2841614 - ETPRO TROJAN W32/Oulif CnC Host Checkin (trojan.rules)
  2841615 - ETPRO MALWARE Win32/InstallCore Requesting Affiliate Install
(malware.rules)
  2841616 - ETPRO TROJAN Python Kimsuky Payload - CnC Checkin (trojan.rules)
  2841617 - ETPRO TROJAN Win32/Remcos RAT Checkin 367 (trojan.rules)

[///]     Modified active rules:     [///]

  2020728 - ET TROJAN Possible Adwind/jSocket SSL Cert (assylias.Inc)
(trojan.rules)
  2029623 - ET TROJAN VBS/TrojanDownloader.Agent.SEB Checkin (trojan.rules)
  2029624 - ET TROJAN VBS/TrojanDownloader.Agent.SEB Keep-Alive
(trojan.rules)
  2029625 - ET TROJAN VBS/TrojanDownloader.Agent.SEB Reporting Network Info
(trojan.rules)
  2809797 - ETPRO WEB_SPECIFIC_APPS WP Video Gallery 2.7 SQLi Attempt
(web_specific_apps.rules)
  2809946 - ETPRO TROJAN Win32/Unruy.C Possible Click Fraud (trojan.rules)
  2810007 - ETPRO TROJAN Win32/Bagfi Variant Checkin (trojan.rules)
  2810055 - ETPRO TROJAN Sharik/Smoke Loader CnC Beacon Response
(trojan.rules)
  2810084 - ETPRO TROJAN Win32.Androm.gljb Trojan Checkin (trojan.rules)
  2831526 - ETPRO TROJAN W32.Unk.Stealer Checkin M2 (trojan.rules)
  2841453 - ETPRO EXPLOIT Possible SMBv3 Exploitation Attempt
(CVE-2020-0796) (exploit.rules)

[---]         Removed rules:         [---]

  2812824 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Aug 31
2015 (current_events.rules)
  2812877 - ETPRO CURRENT_EVENTS Successful DHL Account Phish Sept 3
(current_events.rules)
  2813010 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 14 2015
(current_events.rules)
  2816284 - ETPRO CURRENT_EVENTS Successful Mailbox Update Phish Feb 17 M1
(current_events.rules)
  2820695 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M2 (current_events.rules)
  2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016
(current_events.rules)
  2823945 - ETPRO CURRENT_EVENTS Microsoft Office Phishing Landing Dec 18
2016 (current_events.rules)
  2824861 - ETPRO CURRENT_EVENTS Successful DHL Phish (Meta HTTP-Equiv
Refresh) Feb 08 2017 (current_events.rules)
  2827386 - ETPRO CURRENT_EVENTS Successful Generic Phish - Fake Loading
Page Aug 03 2017 (current_events.rules)
  2827540 - ETPRO CURRENT_EVENTS Successful Facebook Mobile Phish Aug 15
2017 (current_events.rules)
  2827572 - ETPRO CURRENT_EVENTS Successful Generic .EDU Phish Aug 17 2017
(current_events.rules)
  2828256 - ETPRO CURRENT_EVENTS Successful OX App Suite Phish Oct 12 2017
(current_events.rules)
  2828454 - ETPRO CURRENT_EVENTS Successful Generic 000webhostapp.com Phish
Oct 27 2017 (current_events.rules)
  2829449 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-01-26
(current_events.rules)
  2832842 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2018-09-27 M2 (current_events.rules)
  2833236 - ETPRO CURRENT_EVENTS Successful Fedex/DHL Phish 2018-10-22
(current_events.rules)
  2834639 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-01-29 (current_events.rules)
  2834876 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2019-02-13 (current_events.rules)
  2835234 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Phish
2019-03-07 (current_events.rules)
  2835277 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2019-03-11 (current_events.rules)
  2835843 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-12
(current_events.rules)
  2836081 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-26
(current_events.rules)
  2836324 - ETPRO CURRENT_EVENTS Successful Interac Phish 2019-05-15
(current_events.rules)
  2836642 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-06-04 (current_events.rules)
  2837832 - ETPRO CURRENT_EVENTS Successful Geneneric Credit Card
Information Phish 2019-08-02 (current_events.rules)
  2838222 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-08-29
(current_events.rules)
  2838224 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-08-29
(current_events.rules)
  2838997 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-18
(current_events.rules)
  2839214 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-11-04 (current_events.rules)
  2839244 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-06 (current_events.rules)
  2839993 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-18
(current_events.rules)
  2840371 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-10
(current_events.rules)
  2840672 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-27 (current_events.rules)
  2841146 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841149 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841151 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841152 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841153 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841154 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841155 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841197 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-25 (current_events.rules)
  2841225 - ETPRO CURRENT_EVENTS Successful Microsoft Office Phish
2020-02-26 (current_events.rules)
  2841347 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-03-04 (current_events.rules)