[Emerging-updates] Daily Ruleset Update Summary 2020/04/10

Jason Williams jwilliams at emergingthreats.net
Fri Apr 10 14:22:32 HDT 2020


[***]            Summary:            [***]

  25 Open, 38 Pro (25 + 13). DACLS RAT, Lemon Duck, Various Webshells,
Various Phish.

  Suricata 2/3 Support from Emerging Threats will become End-Of-Life on
April 15th, 2020.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2029856 - ET TROJAN Possible DACLS RAT CnC (Log Check) (trojan.rules)
  2029857 - ET WEB_CLIENT Tech Support Scam 2020-04-10 (web_client.rules)
  2029858 - ET CURRENT_EVENTS OneDrive Phishing Landing 2020-04-10
(current_events.rules)
  2029859 - ET WEB_CLIENT WSO 2.6 Webshell Accessed on External Compromised
Server (web_client.rules)
  2029860 - ET WEB_SERVER WSO 2.6 Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2029861 - ET WEB_CLIENT WSO 2.5 Webshell Accessed on External Compromised
Server (web_client.rules)
  2029862 - ET WEB_SERVER WSO 2.5 Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2029863 - ET WEB_CLIENT X-Sec Webshell Accessed on External Compromised
Server (web_client.rules)
  2029864 - ET WEB_SERVER X-Sec Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2029865 - ET WEB_CLIENT ALFA TEaM Webshell Accessed on External
Compromised Server (web_client.rules)
  2029866 - ET WEB_SERVER ALFA TEaM Webshell Accessed on Internal
Compromised Server (web_server.rules)
  2029867 - ET WEB_CLIENT WSO 4.2.5 Webshell Accessed on External
Compromised Server (web_client.rules)
  2029868 - ET WEB_SERVER WSO 4.2.5 Webshell Accessed on Internal
Compromised Server (web_server.rules)
  2029869 - ET WEB_CLIENT WSO 4.2.6 Webshell Accessed on External
Compromised Server (web_client.rules)
  2029870 - ET WEB_SERVER WSO 4.2.6 Webshell Accessed on Internal
Compromised Server (web_server.rules)
  2029871 - ET WEB_CLIENT Kageyama Webshell Accessed on External
Compromised Server (web_client.rules)
  2029872 - ET WEB_SERVER Kageyama Webshell Accessed on Internal
Compromised Server (web_server.rules)
  2029873 - ET WEB_CLIENT Generic WSO Webshell Accessed on External
Compromised Server (web_client.rules)
  2029874 - ET WEB_SERVER Generic WSO Webshell Accessed on Internal
Compromised Server (web_server.rules)
  2029875 - ET WEB_CLIENT MINI MO Webshell Accessed on External Compromised
Server (web_client.rules)
  2029876 - ET WEB_SERVER MINI MO Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2029877 - ET CURRENT_EVENTS OneDrive Phishing Landing 2020-04-10
(current_events.rules)
  2029878 - ET CURRENT_EVENTS Instagram Phishing Landing 2020-04-10
(current_events.rules)
  2029879 - ET TROJAN Possible DACLS RAT CnC (Log Server Reporting)
(trojan.rules)
  2029880 - ET TROJAN Possible DACLS RAT Log Collector Download
(trojan.rules)

 Pro:

  2841976 - ETPRO TROJAN Lemon_Duck Powershell CnC Checkin M3 (trojan.rules)
  2841977 - ETPRO TROJAN Lemon_Duck Powershell Requesting Payload M1
(trojan.rules)
  2841978 - ETPRO TROJAN Lemon_Duck Powershell Requesting Payload M2
(trojan.rules)
  2841979 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-04-10
(current_events.rules)
  2841980 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-04-10 1) (trojan.rules)
  2841981 - ETPRO CURRENT_EVENTS Successful UniCredit Phish 2020-04-10
(current_events.rules)
  2841982 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-04-10 (current_events.rules)
  2841983 - ETPRO CURRENT_EVENTS Successful UBI Banca Phish 2020-04-10
(current_events.rules)
  2841984 - ETPRO CURRENT_EVENTS Successful Turbotax Phish 2020-04-10
(current_events.rules)
  2841985 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-04-10
(current_events.rules)
  2841986 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2020-04-10
(current_events.rules)
  2841987 - ETPRO CURRENT_EVENTS Successful ABN AMRO Phish 2020-04-10
(current_events.rules)
  2841988 - ETPRO CURRENT_EVENTS Successful Camden National Bank Phish
2020-04-10 (current_events.rules)

 [///]     Modified active rules:     [///]

  2027762 - ET USER_AGENTS AnyDesk Remote Desktop Software User-Agent
(user_agents.rules)