[Emerging-updates] Daily Ruleset Update Summary 2019/07/10

Jason Williams jwilliams at emergingthreats.net
Wed Jul 10 13:26:33 HDT 2019


[***]            Summary:            [***]

  3 new Open, 44 new Pro (3 + 41).  ViceLeaker, Danabot Injects, Metamorfo,
Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2027696 - ET EXPLOIT Possible Zoom Client Auto-Join (CVE-2019-13450) (exploit.rules)
  2027697 - ET TROJAN Win32/Unk Retrieving Malicious VBScript (trojan.rules)
  2027698 - ET TROJAN Win32/Unk.VBScript Requesting Instruction from CnC (trojan.rules)

 Pro:

  2837414 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC Beacon (mobile_malware.rules)
  2837415 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC Beacon 2 (mobile_malware.rules)
  2837416 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC Beacon 3 (mobile_malware.rules)
  2837417 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC Beacon 4 (mobile_malware.rules)
  2837418 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC Beacon 5 (mobile_malware.rules)
  2837419 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC Beacon 6 (mobile_malware.rules)
  2837420 - ETPRO TROJAN Win32/MuddyWater Implant CnC Activity (trojan.rules)
  2837421 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish 2019-07-10 (current_events.rules)
  2837422 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-10 (current_events.rules)
  2837423 - ETPRO CURRENT_EVENTS Successful Suncorp Bank Phish 2019-07-10 (current_events.rules)
  2837424 - ETPRO TROJAN SSL/TLS Certificate Observed (Donot Group YTY) (trojan.rules)
  2837425 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-10 (current_events.rules)
  2837426 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-10 (current_events.rules)
  2837427 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-07-10 (current_events.rules)
  2837428 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-10 1) (trojan.rules)
  2837429 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-10 2) (trojan.rules)
  2837430 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-10 3) (trojan.rules)
  2837431 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-07-10 (current_events.rules)
  2837432 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-10 (current_events.rules)
  2837433 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-10 (current_events.rules)
  2837434 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-07-10 (current_events.rules)
  2837435 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-10 (current_events.rules)
  2837436 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-10 (current_events.rules)
  2837437 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-10 (current_events.rules)
  2837438 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-07-10 (current_events.rules)
  2837439 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-10 (current_events.rules)
  2837440 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-10 (current_events.rules)
  2837441 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-10 (current_events.rules)
  2837442 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-10 (current_events.rules)
  2837443 - ETPRO TROJAN Danabot Webinject Redirect (mBank) M1 (trojan.rules)
  2837444 - ETPRO TROJAN Danabot Webinject Redirect (mBank) M2 (trojan.rules)
  2837445 - ETPRO TROJAN Danabot Webinject Redirect (mBank) M3 (trojan.rules)
  2837446 - ETPRO TROJAN Danabot Webinject Redirect (Centrum24) (trojan.rules)
  2837447 - ETPRO TROJAN Danabot Webinject Redirect (PBSBank) (trojan.rules)
  2837448 - ETPRO TROJAN Danabot Webinject Redirect (AliorBank) M1 (trojan.rules)
  2837449 - ETPRO TROJAN Danabot Webinject Redirect (IdeaBank) (trojan.rules)
  2837450 - ETPRO TROJAN Danabot Webinject Redirect (AliorBank) M2 (trojan.rules)
  2837451 - ETPRO TROJAN Danabot Webinject Redirect (NestBank) (trojan.rules)
  2837452 - ETPRO TROJAN Danabot Webinject Redirect (GetinBank) (trojan.rules)
  2837453 - ETPRO TROJAN Win32/Metamorfo Salveinfo Variant HTTP Beacon (trojan.rules)
  2837454 - ETPRO POLICY External IP Lookup Domain (localizaip .com .br) (policy.rules)

[///]     Modified active rules:     [///]

  2835637 - ETPRO TROJAN Win32/Pterodo.NG Checkin 2 (trojan.rules)