[Emerging-updates] Daily Ruleset Update Summary 2019/12/27

Jason Williams jwilliams at emergingthreats.net
Fri Dec 27 13:43:07 HST 2019


[***]            Summary:            [***]

  2 new Open, 27 new Pro (2 + 25). Upatre, Azorult, Remcos and Various Phish.

  Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2029201 - ET TROJAN Observed Malicious SSL Cert (Upatre CnC) (trojan.rules)
  2029202 - ET TROJAN Observed Upatre CnC Domain in TLS SNI (trojan.rules)

 Pro:

  2840117 - ETPRO TROJAN Base64 Encoded EXE Content-Type Mismatch (audio/mpeg) (trojan.rules)
  2840118 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (9a206) (web_client.rules)
  2840119 - ETPRO CURRENT_EVENTS Successful Aruba IT Phish 2019-12-27 (current_events.rules)
  2840120 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840121 - ETPRO CURRENT_EVENTS Successful Google Phish 2019-12-27 (current_events.rules)
  2840122 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-27 (current_events.rules)
  2840123 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-27 (current_events.rules)
  2840124 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-27 (current_events.rules)
  2840125 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-27 (current_events.rules)
  2840126 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840127 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840128 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-27 (current_events.rules)
  2840129 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-27 (current_events.rules)
  2840130 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-12-27 (current_events.rules)
  2840131 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-27 (current_events.rules)
  2840132 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-27 (current_events.rules)
  2840133 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840134 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840135 - ETPRO CURRENT_EVENTS Successful Microsoft Live Account Phish 2019-12-27 (current_events.rules)
  2840136 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-27 1) (trojan.rules)
  2840137 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-27 2) (trojan.rules)
  2840138 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-27 3) (trojan.rules)
  2840139 - ETPRO TROJAN Win32/Remcos RAT Checkin 292 (trojan.rules)
  2840140 - ETPRO TROJAN Win32/Remcos RAT Checkin 293 (trojan.rules)
  2840141 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2019-12-27 (trojan.rules)

 [///]     Modified active rules:     [///]

  2029178 - ET TROJAN Win32/BlackNET CnC Checkin (trojan.rules)
  2029179 - ET TROJAN Win32/BlackNET CnC Keep-Alive (trojan.rules)
  2029180 - ET TROJAN Win32/BlackNET CnC Requesting Command (trojan.rules)
  2837734 - ETPRO TROJAN Win32/psiXbot CnC Checkin (trojan.rules)