[Emerging-updates] Daily Ruleset Update Summary 2020/12/31

bmurphy at emergingthreats.net
Thu Dec 31 12:54:23 HST 2020


[***]            Summary:            [***]

  3 new OPEN, 16 new PRO (3 + 13). Cobalt Strike, Azula Logger, RedLine, Pop
Smoke, and VARIOUS PHISHING.
  
  Happy New Year!  There will be no release tomorrow as we observe New Year's
Day.

  Good Riddance to Adobe Flash Player. Thanks for all the vulns leveraged by
exploit kits. You will not be missed.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031469 - ET TROJAN Observed Cobalt Strike CnC Domain in TLS SNI (cs
.lg22l .com) (trojan.rules)
  2031470 - ET TROJAN MSIL/Azula Logger CnC Activity (trojan.rules)
  2031471 - ET USER_AGENTS Suspicious User-Agent Simple Bot
(user_agents.rules)

Pro:

  2846315 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2846316 - ETPRO TROJAN Redline - GetTasks Request (trojan.rules)
  2846317 - ETPRO INFO Suspicious Terse Request for .dat (info.rules)
  2846318 - ETPRO TROJAN ELF/Mirai Variant CnC Activity (trojan.rules)
  2846319 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-31 1) (trojan.rules)
  2846320 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2020-12-31
(current_events.rules)
  2846321 - ETPRO CURRENT_EVENTS Successful Facebook Gaming Phish 2020-12-31
(current_events.rules)
  2846322 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2020-12-31
(current_events.rules)
  2846323 - ETPRO TROJAN MSIL/Pop Smoke Discord Token Stealer (trojan.rules)
  2846324 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-12-31
(current_events.rules)
  2846325 - ETPRO CURRENT_EVENTS Successful Pentagon Federal Credit Union
Phish 2020-12-31 (current_events.rules)
  2846326 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2020-12-31
(current_events.rules)
  2846327 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-12-31
(current_events.rules)

[///]     Modified active rules:     [///]

  2029855 - ET TROJAN MSIL/Agent.TRM Data Exfil (sysinfo) (trojan.rules)
  2841375 - ETPRO TROJAN Win32/Neshta.A CnC Activity - Retrieving Settings
(trojan.rules)
  2844248 - ETPRO TROJAN Win32/Kryptik.DNFZ Exfiltration (trojan.rules)


