[Emerging-updates] Daily Ruleset Update Summary 2020/12/29

bmurphy at emergingthreats.net bmurphy at emergingthreats.net
Tue Dec 29 13:21:56 HST 2020


[***]            Summary:            [***]

 

  7 new OPEN, 18 new PRO (7 + 11). PurpleFox EK, DarkSide Ransomware, and
Win64/Kryptik.BZY CnC.

 

  Thanks: @nao_sec.

 

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 

[+++]          Added rules:          [+++]

 

Open:

 

  2031459 - ET EXPLOIT Possible SolarWinds Orion API Local File Disclosure
(web.config) (exploit.rules)

  2031460 - ET EXPLOIT Possible SolarWinds Orion API Local File Disclosure
(SWNetPerfMon.db) (exploit.rules)

  2031461 - ET CURRENT_EVENTS PurpleFox EK Domain in DNS Lookup
(current_events.rules)

  2031462 - ET TROJAN Possible PurpleFox EK Framework URI Struct Payload
Request M1 (trojan.rules)

  2031463 - ET TROJAN Possible PurpleFox EK Redirect (trojan.rules)

  2031464 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS)
(policy.rules)

  2031465 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS)
(policy.rules)

 

Pro:

 

  2846284 - ETPRO TROJAN DarkSide Ransomware CnC Activity (trojan.rules)

  2846285 - ETPRO TROJAN DarkSide Ransomware Server Response (trojan.rules)

  2846286 - ETPRO TROJAN Observed Malicious SSL Cert (Win64/Kryptik.BZY CnC)
(trojan.rules)

  2846287 - ETPRO TROJAN Win64/Kryptik.BZY CnC Activity (trojan.rules)

  2846288 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-29 1) (trojan.rules)

  2846289 - ETPRO CURRENT_EVENTS Successful redit Card Information Phish
2020-12-29 (current_events.rules)

  2846290 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-12-29 (current_events.rules)

  2846291 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-12-29 (current_events.rules)

  2846292 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2020-12-29
(current_events.rules)

  2846293 - ETPRO TROJAN Observed DarkSide Ransomware CnC Domain in TLS SNI
(trojan.rules)

  2846294 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-12-29
(current_events.rules)

 

[///]     Modified active rules:     [///]

 

  2809127 - ETPRO MALWARE PUP.3lsoft Checkin (malware.rules)

  2844133 - ETPRO TROJAN DCRat Initial Checkin Server Response
(trojan.rules)

  2846256 - ETPRO TROJAN DCRat Initial Checkin Server Response M2
(trojan.rules)
