[Emerging-updates] Daily Ruleset Update Summary 2019/07/01

James Emery-Callcott jcallcott at emergingthreats.net
Mon Jul 1 12:50:31 HDT 2019


[***]            Summary:            [***]

  2 new Open, 30 new Pro (2 + 28).  FlawedAmmyy, Remcos, Android/Agent.BEA,
Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2027649 - ET USER_AGENTS Observed Suspicious UA (zwt) (user_agents.rules)
  2027650 - ET USER_AGENTS Observed Suspicious UA (My Agent) (user_agents.rules)

Pro:

  2837138 - ETPRO MOBILE_MALWARE Android/Agent.BEA CnC Beacon (mobile_malware.rules)
  2837139 - ETPRO MOBILE_MALWARE Android/Agent.BEA CnC Beacon 2 (mobile_malware.rules)
  2837140 - ETPRO MOBILE_MALWARE Android/Agent.BEA CnC Beacon 3 (mobile_malware.rules)
  2837141 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 15 (mobile_malware.rules)
  2837143 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-06-30 (current_events.rules)
  2837144 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-30 (current_events.rules)
  2837145 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-06-30 (current_events.rules)
  2837146 - ETPRO CURRENT_EVENTS Successful Western Union Phish 2019-06-30 (current_events.rules)
  2837147 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-30 (current_events.rules)
  2837148 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish 2019-07-01 (current_events.rules)
  2837149 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-01 (current_events.rules)
  2837150 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-07-01 (current_events.rules)
  2837151 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-07-01 (current_events.rules)
  2837152 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-07-01 (current_events.rules)
  2837153 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-07-01 (current_events.rules)
  2837154 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-07-01 (current_events.rules)
  2837155 - ETPRO CURRENT_EVENTS Successful Cpanel Webmail Phish 2019-07-01 (current_events.rules)
  2837156 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-07-01 (current_events.rules)
  2837157 - ETPRO CURRENT_EVENTS Successful St. George Bank Phish 2019-07-01 (current_events.rules)
  2837158 - ETPRO TROJAN Win32/Remcos RAT Checkin 103 (trojan.rules)
  2837159 - ETPRO TROJAN Win32/Remcos RAT Checkin 104 (trojan.rules)
  2837160 - ETPRO TROJAN Win32/Remcos RAT Checkin 105 (trojan.rules)
  2837161 - ETPRO TROJAN Win32/Remcos RAT Checkin 106 (trojan.rules)
  2837162 - ETPRO TROJAN Win32/Remcos RAT Checkin 107 (trojan.rules)
  2837163 - ETPRO TROJAN Win32/Remcos RAT Checkin 108 (trojan.rules)
  2837164 - ETPRO TROJAN Win32/FlawedAmmyy RAT Reporting System Details (trojan.rules)
  2837165 - ETPRO TROJAN Win32/FlawedAmmyy RAT Reporting Loader Results (trojan.rules)
  2837166 - ETPRO TROJAN Win32/FlawedAmmyy RAT Reporting Installed Software (trojan.rules)

[///]     Modified active rules:     [///]

  2017318 - ET CURRENT_EVENTS SUSPICIOUS IRC - PRIVMSG *.(exe|tar|tgz|zip) download command (current_events.rules)
  2810991 - ETPRO TROJAN SEDNIT CnC Beacon 1 (trojan.rules)
  2835255 - ETPRO CURRENT_EVENTS Possible MalDoc DL 2019-03-08 (current_events.rules)
  2837092 - ETPRO TROJAN Win32/Various Unusual POST to ip-api .com (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team