[Emerging-updates] Daily Ruleset Update Summary 2019/07/03
James Emery-Callcott
jcallcott at emergingthreats.net
Wed Jul 3 13:51:14 HDT 2019
[***] Summary: [***]
9 new Open, 48 new Pro (9 + 38). APT34, Godlua, Android.Hiddad.FCD,
Various SSL/TLS, Various Phish.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2027669 - ET TROJAN Observed Turla/APT34 CnC Domain Domain (dubaiexpo2020 .cf in TLS SNI) (trojan.rules)
2027670 - ET TROJAN Observed Malicious SSL Cert (Turla/APT34 CnC Domain)
(trojan.rules)
2027671 - ET POLICY Cloudflare DNS Over HTTPS Certificate Inbound
(policy.rules)
2027672 - ET TROJAN Godlua Backdoor Stage-3 Client Heartbeat (Jun 2019-
Dec 2019) (set) (trojan.rules)
2027673 - ET TROJAN Godlua Backdoor Stage-3 Client Heartbeat (Dec 2019-
Jul 2020) (set) (trojan.rules)
2027674 - ET TROJAN Godlua Backdoor Stage-3 Client Heartbeat (Jul 2020-
Jan 2021) (set) (trojan.rules)
2027675 - ET TROJAN Godlua Backdoor Stage-3 Server Heartbeat Reply (Jun
2019 - Sep 2020) (trojan.rules)
2027676 - ET TROJAN Godlua Backdoor Stage-3 Server Heartbeat Reply (Sep
2020 - Nov 2023) (trojan.rules)
2027677 - ET TROJAN Godlua Backdoor Downloading Encrypted Lua
(trojan.rules)
Pro:
2837196 - ETPRO MOBILE_MALWARE Android/Hiddad.FCD Checkin 2
(mobile_malware.rules)
2837197 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilVBS DL
2019-07-03) (current_events.rules)
2837198 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837199 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-07-03) (current_events.rules)
2837200 - ETPRO CURRENT_EVENTS Successful Argenta Phish 2019-07-03
(current_events.rules)
2837201 - ETPRO CURRENT_EVENTS Successful Generic T.Goe Phish 2019-07-03
(current_events.rules)
2837202 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish
2019-07-03 (current_events.rules)
2837203 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2019-07-03
(current_events.rules)
2837204 - ETPRO CURRENT_EVENTS Successful Paypal DE Phish 2019-07-03
(current_events.rules)
2837205 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-07-03
(current_events.rules)
2837206 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-07-03 (current_events.rules)
2837207 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-07-03
(current_events.rules)
2837208 - ETPRO CURRENT_EVENTS Successful Banco Nacional Phish 2019-07-03
(current_events.rules)
2837209 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-03 (current_events.rules)
2837210 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-03 (current_events.rules)
2837211 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-07-03
(current_events.rules)
2837212 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-03 (current_events.rules)
2837213 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-07-03
(current_events.rules)
2837214 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-03 (current_events.rules)
2837215 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-03
(current_events.rules)
2837216 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-03 (current_events.rules)
2837217 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-07-03
(current_events.rules)
2837218 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-03 (current_events.rules)
2837219 - ETPRO MALWARE InstallPortal Glority User-Agent (malware.rules)
2837220 - ETPRO MALWARE PPI Download Assistant User-Agent (malware.rules)
2837221 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-03 1) (trojan.rules)
2837222 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-03 2) (trojan.rules)
2837223 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-03 3) (trojan.rules)
2837224 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-03 4) (trojan.rules)
2837225 - ETPRO TROJAN Win32/AgentBypass Variant Check-in (trojan.rules)
2837226 - ETPRO TROJAN PowerPho Powershell Activity M1 (trojan.rules)
2837227 - ETPRO TROJAN PowerPho Powershell Activity M2 (trojan.rules)
2837228 - ETPRO EXPLOIT Unk JSP WebShell - Possible Upload M1
(exploit.rules)
2837229 - ETPRO EXPLOIT Unk JSP WebShell - Possible Upload M2
(exploit.rules)
2837230 - ETPRO TROJAN Possible Unk JSP WebShell Access M1 (trojan.rules)
2837231 - ETPRO TROJAN Possible Unk JSP WebShell Access M2 (trojan.rules)
2837232 - ETPRO TROJAN Possible Unk JSP WebShell Access M3 (trojan.rules)
2837233 - ETPRO TROJAN Possible Unk JSP WebShell Access M4 (trojan.rules)
2837234 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
[///] Modified active rules: [///]
2816720 - ETPRO MOBILE_MALWARE Android/AdDisplay.Kuguo.V Checkin
(mobile_malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team