[Emerging-updates] Daily Ruleset Update Summary 2020/04/07

Jason Williams jwilliams at emergingthreats.net
Tue Apr 7 13:26:50 HDT 2020


[***]            Summary:            [***]

  4 Open, 27 Pro (4 + 23). Sidewinder APT, Android Hiddad, Burp Collector,
Various Phish.

  Suricata 2/3 Support from Emerging Threats will become End-Of-Life on
April 15th, 2020.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2029825 - ET TROJAN Observed Sidewinder APT User-Agent (trojan.rules)
  2029826 - ET POLICY Observed DNS Query to .burpcollector .net Domain
(policy.rules)
  2029827 - ET CURRENT_EVENTS Possible Successful CDC Coronavirus Related
Phish 2020-04-07 (current_events.rules)
  2029828 - ET CURRENT_EVENTS CDC Coronavirus Related Phishing Landing
2020-04-07 (current_events.rules)

 Pro:

  2841908 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 1
(mobile_malware.rules)
  2841909 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 2
(mobile_malware.rules)
  2841910 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 3
(mobile_malware.rules)
  2841911 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 4
(mobile_malware.rules)
  2841912 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 5
(mobile_malware.rules)
  2841913 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 6
(mobile_malware.rules)
  2841914 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 7
(mobile_malware.rules)
  2841915 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO Checkin
(mobile_malware.rules)
  2841916 - ETPRO MALWARE Burp Collector Reporting Group Information
(malware.rules)
  2841917 - ETPRO POLICY Observed Burp Collaborator Server Header
(policy.rules)
  2841918 - ETPRO INFO Observed Suspicious Reversed String Inbound
($env:APPDATA) (info.rules)
  2841919 - ETPRO INFO Observed Suspicious Reversed String Inbound
(start-process) (info.rules)
  2841920 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (IEX)
(trojan.rules)
  2841921 - ETPRO INFO Observed Suspicious Reversed String Inbound
(New-Object -Com) (info.rules)
  2841922 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-04-06 1) (trojan.rules)
  2841923 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-04-07
(current_events.rules)
  2841924 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-04-07
(current_events.rules)
  2841925 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-04-07
(current_events.rules)
  2841926 - ETPRO CURRENT_EVENTS Successful BCP Phish 2020-04-07
(current_events.rules)
  2841927 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-04-07
(current_events.rules)
  2841928 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-04-07 (current_events.rules)
  2841932 - ETPRO TROJAN Win32/Miancha.iua CnC Activity (trojan.rules)
  2841933 - ETPRO MALWARE AD.QjwMonkey CnC Activity (malware.rules)

[---]         Disabled rules:        [---]

  2815364 - ETPRO TROJAN Win32/Qbot/Quakbot Checkin via HTTP GET
(trojan.rules)