[Emerging-updates] Daily Ruleset Update Summary 2020/12/17

Jack Mott jmott at emergingthreats.net
Thu Dec 17 13:48:00 HST 2020


[***]            Summary:            [***]

14 new OPEN, 41 new PRO (14 + 27). SystemBC CnC, PhantomNet/Sanager CnC,
Android/MicroShiva, ELF/Gafgyt Variant, MSIL/Agent.DEB CnC, MSIL/VexioPL
InfoStealer, Coinminers, VARIOUS PHISH.

Thanks: @James_inthe_Box

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031419 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031420 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031421 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031422 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031423 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031424 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031425 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031426 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031427 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031428 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
  2031429 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2031430 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised
Server (web_client.rules)
  2031431 - ET TROJAN PhantomNet/Sanager CnC Domain in DNS Lookup
(vgca.homeunix .org) (trojan.rules)
  2031432 - ET TROJAN PhantomNet/Smanager CnC Domain in DNS Lookup
(office365.blogdns .com) (trojan.rules)

Pro:

  2846073 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Agent.by1r CnC Beacon
(mobile_malware.rules)
  2846074 - ETPRO MOBILE_MALWARE Android MicroShiva Checkin
(mobile_malware.rules)
  2846075 - ETPRO MOBILE_MALWARE Android Echa Reporting Contact List
(mobile_malware.rules)
  2846076 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.gb Checkin
(mobile_malware.rules)
  2846077 - ETPRO MOBILE_MALWARE Android EightBall CnC Beacon
(mobile_malware.rules)
  2846078 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.adn Checkin
(mobile_malware.rules)
  2846079 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.adn Checkin 2
(mobile_malware.rules)
  2846080 - ETPRO TROJAN ELF/Gafgyt Variant CnC Checkin (trojan.rules)
  2846081 - ETPRO TROJAN ELF/Gafgyt Variant Server Response (trojan.rules)
  2846082 - ETPRO TROJAN ELF/Gafgyt Variant CnC Checkin (trojan.rules)
  2846083 - ETPRO POLICY Observed SSL Cert (HashVault Monero Crypto Mining
Pool) (policy.rules)
  2846084 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2846085 - ETPRO TROJAN MSIL/Agent.DEB CnC Activity M2 (trojan.rules)
  2846086 - ETPRO TROJAN MalDoc Retrieving Payload 2020-12-17 (trojan.rules)
  2846087 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-17 1) (trojan.rules)
  2846088 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-17 2) (trojan.rules)
  2846089 - ETPRO CURRENT_EVENTS Successful ANZ Phish 2020-12-17
(current_events.rules)
  2846090 - ETPRO CURRENT_EVENTS Successful Keybank Phish 2020-12-17
(current_events.rules)
  2846091 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-12-17
(current_events.rules)
  2846092 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-12-17
(current_events.rules)
  2846093 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-12-17
(current_events.rules)
  2846094 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-12-17
(current_events.rules)
  2846095 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-12-17
(current_events.rules)
  2846096 - ETPRO TROJAN MSIL/Agent.DEB CnC Activity (trojan.rules)
  2846097 - ETPRO TROJAN MSIL/VexioPL InfoStealer Data Exfil M1
(trojan.rules)
  2846098 - ETPRO TROJAN MSIL/VexioPL InfoStealer Data Exfil M2
(trojan.rules)
  2846099 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-12-17
(current_events.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20201217/8bf80e6e/attachment.html>


More information about the Emerging-updates mailing list