[Emerging-updates] Daily Ruleset Update Summary 2020/04/01

Jack Mott jmott at emergingthreats.net
Wed Apr 1 14:20:35 HDT 2020


[***]            Summary:            [***]

6 new Open, 29 new Pro (6 + 23). Various COVID-19 Phish/Scam,
Linux/Agent.HX CnC, Win32/Vendetta Backdoor, Win32/Remcos, Various
Phishing.

Thanks: @michalmalik

Suricata 2/3 Support from Emerging Threats will become End-Of-Life on
April 15th, 2020.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

[+++]          Added rules:          [+++]

Open:

  2029782 - ET CURRENT_EVENTS Successful Canada Revenue Agency COVID-19
Assistance Eligibility Phish 2020-04-01 (current_events.rules)
  2029783 - ET CURRENT_EVENTS Successful Canada Revenue Agency COVID-19
Assistance Eligibility (FR) Phish 2020-04-01 (current_events.rules)
  2029784 - ET GAMES Growtopia Hack - WrongGrow CnC Activity (games.rules)
  2029785 - ET TROJAN Linux/Agent.HX CnC Activity (set) (trojan.rules)
  2029786 - ET TROJAN Linux/Agent.HX CnC Activity M1 (trojan.rules)
  2029787 - ET TROJAN Linux/Agent.HX CnC Activity M2 (trojan.rules)

Pro:

  2841804 - ETPRO TROJAN Win32/Vendetta Backdoor CnC Command (Hidden
Updates) (trojan.rules)
  2841805 - ETPRO TROJAN Win32/Vendetta Backdoor CnC Response (userlist)
(trojan.rules)
  2841807 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-04-01 1) (trojan.rules)
  2841808 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-04-01 2) (trojan.rules)
  2841809 - ETPRO CURRENT_EVENTS Successful Shaw Webmail Phish 2020-04-01
(current_events.rules)
  2841810 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-04-01 (current_events.rules)
  2841811 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish
2020-04-01 (current_events.rules)
  2841812 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-04-01
(current_events.rules)
  2841813 - ETPRO CURRENT_EVENTS Successful IRS Tax Refund Phish 2020-04-01
(current_events.rules)
  2841814 - ETPRO TROJAN W32/TrojanDownloader.Agent.FBF Variant CnC Host
Checkin (trojan.rules)
  2841815 - ETPRO TROJAN W32/TrojanDownloader.Agent.FBF Variant CnC
Activity (trojan.rules)
  2841816 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-04-01 (current_events.rules)
  2841817 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-04-01
(current_events.rules)
  2841818 - ETPRO TROJAN Possible W32/Unk Iplogger Host Checkin
(trojan.rules)
  2841819 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2020-04-01
(current_events.rules)
  2841820 - ETPRO CURRENT_EVENTS Successful Telestra Phish 2020-04-01
(current_events.rules)
  2841821 - ETPRO TROJAN Win32/PSW.Agent.OIN CnC Activity (trojan.rules)
  2841823 - ETPRO TROJAN Win32/Remcos RAT Checkin 380 (trojan.rules)
  2841824 - ETPRO TROJAN Win32/Remcos RAT Checkin 381 (trojan.rules)
  2841825 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2841826 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

  2827391 - ETPRO TROJAN MSIL/FriendlyBot CnC Checkin (trojan.rules)
  2827456 - ETPRO MOBILE_MALWARE Android.Trojan.DDLight.E Checkin
(mobile_malware.rules)
  2827509 - ETPRO TROJAN Win32/Downloader.Banload.YAZ CnC Activity
(trojan.rules)
  2827605 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin
(trojan.rules)
  2827607 - ETPRO TROJAN MSIL/HookUp Bot CnC Checkin (trojan.rules)
  2827629 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 13
(mobile_malware.rules)
  2827630 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 14
(mobile_malware.rules)
  2827633 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.GV CnC Beacon
(mobile_malware.rules)
  2827695 - ETPRO TROJAN Win32/Banload.Downloader POST request CnC Checkin
(trojan.rules)
  2827700 - ETPRO MOBILE_MALWARE PUP Android/SMSFlooder.Agent.BN
CnC Beacon 3 (mobile_malware.rules)
  2827718 - ETPRO TROJAN W32.PooLen Coinminer Requesting Commands
(trojan.rules)
  2827762 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.am
CnC Beacon (mobile_malware.rules)
  2827809 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.IT
CnC Beacon (mobile_malware.rules)
  2827913 - ETPRO TROJAN Win32/Virut.NBP Checkin (trojan.rules)
  2841781 - ETPRO TROJAN Win32/Vendetta Backdoor CnC Command (userlist)
(trojan.rules)

[---]         Disabled rules:        [---]

  2827760 - ETPRO WEB_CLIENT FakeAV/TechSupport Scam Aug 30 2017
(web_client.rules)
  2827775 - ETPRO TROJAN MSIL/CA MacroBot CnC Activity (trojan.rules)