[Emerging-Sigs] Daily Ruleset Update Summary 2020/03/20

Jason Williams jwilliams at emergingthreats.net
Fri Mar 20 14:45:25 HDT 2020


[***]            Summary:            [***]

  1 Open, 28 Pro (1 + 27). COVID-19 Scam, Mirai, MZRevenge, Remcos, Various
Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2029695 - ET CURRENT_EVENTS Fake World Health Organization COVID-19
Portal 2020-03-20 (current_events.rules)

 Pro:

  2841618 - ETPRO INFO Observed Suspicious Hex Encoded String Inbound
(decodeURIComponent) (info.rules)
  2841620 - ETPRO WEB_CLIENT Observed Malicious JavaScript Window Resize
Function Inbound (web_client.rules)
  2841621 - ETPRO TROJAN Suspected Powershell Empire CnC (trojan.rules)
  2841622 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-20 1) (trojan.rules)
  2841623 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2841624 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2841625 - ETPRO TROJAN SSL/TLS Certificate Observed (Evil Powershell)
(trojan.rules)
  2841626 - ETPRO TROJAN W32/Winloud CnC Activity (trojan.rules)
  2841627 - ETPRO CURRENT_EVENTS Successful Mweb Phish 2020-03-20
(current_events.rules)
  2841628 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-03-20 (current_events.rules)
  2841629 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-03-20 (current_events.rules)
  2841630 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-20
(current_events.rules)
  2841631 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-20
(current_events.rules)
  2841632 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-20
(current_events.rules)
  2841633 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-20
(current_events.rules)
  2841634 - ETPRO CURRENT_EVENTS Possible Successful Generic Security
Questions Phish 2020-03-20 (current_events.rules)
  2841635 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2020-03-20
(current_events.rules)
  2841636 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-20
(current_events.rules)
  2841637 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-03-20
(current_events.rules)
  2841638 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-03-20
(current_events.rules)
  2841639 - ETPRO CURRENT_EVENTS Successful Amazon Web Services Phish
2020-03-20 (current_events.rules)
  2841640 - ETPRO TROJAN MZRevenge Ransomware CnC Activity (trojan.rules)
  2841641 - ETPRO TROJAN MZRevenge Ransomware CnC Activity (trojan.rules)
  2841642 - ETPRO TROJAN MZRevenge Ransomware CnC Activity (trojan.rules)
  2841643 - ETPRO TROJAN Win32/Remcos RAT Checkin 368 (trojan.rules)
  2841644 - ETPRO TROJAN Win32/Remcos RAT Checkin 369 (trojan.rules)
  2841645 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)

 [///]     Modified active rules:     [///]

  2029676 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-08-02 (current_events.rules)
  2827990 - ETPRO TROJAN Malicious Miner Downloading CoinMiner
Configuration M2 (trojan.rules)
  2828006 - ETPRO TROJAN Emotet Post Drop C2 Comms M2 (trojan.rules)
  2828110 - ETPRO MOBILE_MALWARE Android Unknown Trojan CnC Beacon
(mobile_malware.rules)
  2828158 - ETPRO TROJAN JS Cryxos Downloader M2 Oct 05 2017 (trojan.rules)
  2828197 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Ubsod.c Checkin
(mobile_malware.rules)
  2828239 - ETPRO MOBILE_MALWARE Android/HiddenApp.FH CnC Beacon
(mobile_malware.rules)
  2828252 - ETPRO CURRENT_EVENTS Successful Postmaster Phish M1 Oct 12 2017
(current_events.rules)
  2828259 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 5
(mobile_malware.rules)
  2828260 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 6
(mobile_malware.rules)
  2828261 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh SMS Exfil
(mobile_malware.rules)
  2828262 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh Contact Exfil
(mobile_malware.rules)
  2828264 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 8
(mobile_malware.rules)
  2828265 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh Network
Activity Exfil (mobile_malware.rules)
  2828312 - ETPRO TROJAN Unknown Maldoc POST to CnC (trojan.rules)
  2828317 - ETPRO TROJAN Orz JavaScript Backdoor Communicating with CnC
(trojan.rules)
  2828321 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.aun CnC Beacon
(mobile_malware.rules)
  2828322 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.aun CnC Beacon 2
(mobile_malware.rules)
  2828494 - ETPRO TROJAN Win32/Gibon Ransomware CnC Activity (trojan.rules)
  2828503 - ETPRO MOBILE_MALWARE Android/Spy.Banker.TBE CnC Beacon
(mobile_malware.rules)
  2828538 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.dot Checkin
(mobile_malware.rules)

 [---]         Disabled rules:        [---]

  2827994 - ETPRO TROJAN Malicious Python Libraries Communicating with CnC
(trojan.rules)
  2828206 - ETPRO TROJAN APT.Vemics CnC Beacon (trojan.rules)