[Emerging-Sigs] Daily Ruleset Update Summary 2020/03/25

Brandon Murphy bmurphy at emergingthreats.net
Wed Mar 25 14:19:18 HDT 2020


[***]            Summary:            [***]

5 new Open, 23 new Pro (5 + 18). COVID-19 Ransomware, Remcos, Various Phishing.


[+++]          Added rules:          [+++]

Open:

  2029735 - ET TROJAN Observed MSIL/n2019cov (COVID-19) Ransomware CnC Domain in TLS SNI (trojan.rules)
  2029736 - ET TROJAN MSIL/n2019cov (COVID-19) Ransomware CnC Checkin (trojan.rules)
  2029737 - ET CURRENT_EVENTS Successful Colleagues Quarantined with COVID-19 Phish 2020-03-25 (current_events.rules)
  2029738 - ET CURRENT_EVENTS Successful Airbnb COVID-19 Phish 2020-03-25 (current_events.rules)
  2029739 - ET TROJAN Win32/Milum CnC (trojan.rules)

Pro:

  2841701 - ETPRO TROJAN VBS/LanceurLoader Checkin via Telegram (trojan.rules)
  2841702 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-25 1) (trojan.rules)
  2841703 - ETPRO CURRENT_EVENTS Successful Generic Account Settings Phish 2020-03-25 (current_events.rules)
  2841704 - ETPRO CURRENT_EVENTS Successful Generic Account Settings Phish 2020-03-25 (current_events.rules)
  2841705 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-25 (current_events.rules)
  2841706 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-03-25 (current_events.rules)
  2841707 - ETPRO CURRENT_EVENTS Successful Denizbank Phish 2020-03-25 (current_events.rules)
  2841708 - ETPRO CURRENT_EVENTS Successful Intesa SanPaolo Phish 2020-03-25 (current_events.rules)
  2841709 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-03-25 (current_events.rules)
  2841710 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-03-25 (current_events.rules)
  2841711 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-03-25 (current_events.rules)
  2841712 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-03-25 (current_events.rules)
  2841713 - ETPRO CURRENT_EVENTS Successful Generic Webmail App Phish 2020-03-25 (current_events.rules)
  2841714 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-25 (current_events.rules)
  2841715 - ETPRO CURRENT_EVENTS Successful Advanzia Bank Phish 2020-03-25 (current_events.rules)
  2841716 - ETPRO TROJAN Win32/Remcos RAT Checkin 375 (trojan.rules)
  2841717 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AIU CnC (trojan.rules)
  2841718 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AIU CnC Domain in TLS SNI (trojan.rules)


[///]     Modified active rules:     [///]

  2029255 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2 (exploit.rules)
  2808465 - ETPRO TROJAN Password Stealer MSIL/VOJIN.A Sending Stolen Info (trojan.rules)
  2809776 - ETPRO TROJAN Win32/Unruy.C Checkin 4 (trojan.rules)
  2809794 - ETPRO WEB_SPECIFIC_APPS Pandora FMS 5.1 SP1 SQLi Attempt (web_specific_apps.rules)
  2809816 - ETPRO WEB_SPECIFIC_APPS Maarch LetterBox 2.8 PHP File Upload (web_specific_apps.rules)
  2809861 - ETPRO TROJAN Sharik/Smoke CnC Beacon (trojan.rules)
  2809863 - ETPRO TROJAN Win32/SvcMiner.A Checkin (trojan.rules)
  2812629 - ETPRO CURRENT_EVENTS BossTDS Redirect (current_events.rules)
  2814218 - ETPRO MALWARE VSProtect PUA Checkin (malware.rules)
  2814224 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE set (.z) (trojan.rules)
  2814225 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE set (.Z) (trojan.rules)
  2814240 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE set (.7z) (trojan.rules)
  2814261 - ETPRO TROJAN Ursnif Fetching DGA Seed (trojan.rules)
  2814360 - ETPRO TROJAN Win32/Beebone!rfn External IP Address Check (trojan.rules)
  2814529 - ETPRO TROJAN Win32/Gamker.A Checkin (trojan.rules)
  2825290 - ETPRO TROJAN Tofu Backdoor Checkin (trojan.rules)
  2828893 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i Checkin (mobile_malware.rules)
  2828894 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i CnC Beacon (mobile_malware.rules)
  2829338 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin (mobile_malware.rules)
  2829340 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin 3 (mobile_malware.rules)
  2841676 - ETPRO TROJAN Win32/Cobalt Strike CnC Activity (OCSP Spoof) (trojan.rules)


[---]  Disabled and modified rules:  [---]

  2810480 - ETPRO DOS Slowloris HTTP Traffic Inbound (dos.rules)
  2814239 - ETPRO TROJAN Win32/InfoStealer.Banload Variant Retrieving Payload (trojan.rules)
  2814676 - ETPRO TROJAN MSIL/Kryptik.CNO Retrieving Payload (trojan.rules)
  2825226 - ETPRO TROJAN Helminth/Oilrig CnC Beacon 2 (trojan.rules)


[---]         Disabled rules:        [---]

  2812634 - ETPRO TROJAN Win32.Scar Checkin (trojan.rules)
  2814385 - ETPRO TROJAN Win32/Nivdort!acf CnC Beacon (trojan.rules)


[---]         Removed rules:         [---]

  2841700 - ETPRO TROJAN Win32/Milum CnC (trojan.rules)