[Emerging-updates] Daily Ruleset Update Summary 2020/12/10

bmurphy at emergingthreats.net
Thu Dec 10 13:24:03 HST 2020


[***]            Summary:            [***]

  1 new OPEN, 29 new PRO (1 + 28). Cobalt Strike, Android FreeEggs, AZORult
and VARIOUS PHISHING.
  
  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031315 - ET TROJAN APT28/Sofacy Zebrocy CnC DNS Lookup
(support-cloud .life) (trojan.rules)

Pro:

  2845951 - ETPRO MOBILE_MALWARE Android FreeEggs Checkin
(mobile_malware.rules)
  2845952 - ETPRO MOBILE_MALWARE Android Hiddad Checkin
(mobile_malware.rules)
  2845953 - ETPRO MOBILE_MALWARE Android Triada.fxjp Checkin
(mobile_malware.rules)
  2845954 - ETPRO MOBILE_MALWARE Android XuanMing Checkin
(mobile_malware.rules)
  2845955 - ETPRO MOBILE_MALWARE Android LoadBlast Checkin
(mobile_malware.rules)
  2845956 - ETPRO MOBILE_MALWARE Android/Monitor.Reptilicus.F CnC Beacon
(mobile_malware.rules)
  2845957 - ETPRO MOBILE_MALWARE Android/Monitor.Reptilicus.F CnC Beacon 2
(mobile_malware.rules)
  2845958 - ETPRO MOBILE_MALWARE Trojan.Android.Spy.fhcalt CnC Beacon
(mobile_malware.rules)
  2845959 - ETPRO MOBILE_MALWARE Android/Monitor.PanSpy.C Reporting Location
(mobile_malware.rules)
  2845960 - ETPRO MOBILE_MALWARE Android/Monitor.PanSpy.C Reporting Wifi
Logs (mobile_malware.rules)
  2845961 - ETPRO MOBILE_MALWARE Android/Monitor.PanSpy.C Reporting Device
Info (mobile_malware.rules)
  2845962 - ETPRO MOBILE_MALWARE Android Sangria Checkin
(mobile_malware.rules)
  2845963 - ETPRO TROJAN Cobalt Strike Malleable C2 (Custom Webex Profile)
(trojan.rules)
  2845964 - ETPRO TROJAN Observed Cobalt Strike Domain in TLS SNI
(trojan.rules)
  2845965 - ETPRO TROJAN Win32/Chapak.emqd Stealer Exfiltrating System
Information (trojan.rules)
  2845966 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-10 1) (trojan.rules)
  2845967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-10 2) (trojan.rules)
  2845968 - ETPRO CURRENT_EVENTS Successful Banco de la Ciudad Phish
2020-12-10 (current_events.rules)
  2845969 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-12-10
(current_events.rules)
  2845970 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-12-10
(current_events.rules)
  2845971 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-12-10
(current_events.rules)
  2845972 - ETPRO CURRENT_EVENTS Successful GCI Phish 2020-12-10
(current_events.rules)
  2845973 - ETPRO CURRENT_EVENTS Successful Amex Phish 2020-12-10
(current_events.rules)
  2845974 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-12-10
(current_events.rules)
  2845975 - ETPRO CURRENT_EVENTS Successful Getform.io Hosted Phish
2020-12-10 (current_events.rules)
  2845976 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-12-10
(current_events.rules)
  2845977 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2020-12-10
(current_events.rules)
  2845978 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI
(trojan.rules)

[///]     Modified active rules:     [///]

  2015980 - ET CURRENT_EVENTS Successful Google Account Phish Dec 04 2012
(current_events.rules)
  2024387 - ET CURRENT_EVENTS Possible Docusign Phishing Landing - Title
over non SSL (current_events.rules)
  2031313 - ET TROJAN APT LuckyMouse Polpo Malware CnC (trojan.rules)
  2031314 - ET TROJAN APT LuckyMouse Polpo Malware CnC (trojan.rules)
  2824134 - ETPRO CURRENT_EVENTS Successful Generic Phish (Meta HTTP-Equiv
Refresh) Dec 29 2016 (current_events.rules)
  2825169 - ETPRO CURRENT_EVENTS Successful Fidelity Phish Mar 1 2017
(current_events.rules)
  2830486 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-04-19
(current_events.rules)
  2837530 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-07-16 (current_events.rules)
  2837831 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-08-02 (current_events.rules)
  2839213 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-11-04 (current_events.rules)
  2845937 - ETPRO CURRENT_EVENTS Successful Volksbanken Phish 2020-12-09
(current_events.rules)
