[Emerging-updates] Daily Ruleset Update Summary 2020/02/04

Brandon Murphy bmurphy at emergingthreats.net
Tue Feb 4 15:23:25 HST 2020


[***]            Summary:            [***]

 3 new Open, 25 new Pro (3 + 22). Win32/ServStart.AA, ELF/Mirai,
Win32/Tefosteal Variant, WordPress Plugin DZS-VideoGallery Vuln, Various
Phish

 Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback


[+++]          Added rules:          [+++]

Open:

 2029349 - ET TROJAN CryptoPatronum Ransomware CnC Checkin (trojan.rules)
 2029350 - ET MALWARE Win32/Adware.Agent.NPP CnC Activity (malware.rules)
 2029351 - ET MALWARE GreatArcadeHits CnC Activity (malware.rules)

Pro:

 2840849 - ETPRO TROJAN Win32/ServStart.AA Variant CnC (trojan.rules)
 2840850 - ETPRO TROJAN MalDoc Request for Likely Ursnif Payload 2020-02-04
(trojan.rules)
 2840851 - ETPRO EXPLOIT WordPress Plugin DZS-VideoGallery - Command Injection (Outbound) (exploit.rules)
 2840852 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
 2840853 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
 2840854 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-04 1) (trojan.rules)
 2840855 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-04 2) (trojan.rules)
 2840856 - ETPRO CURRENT_EVENTS Successful Sendgrid/Twilio Phish 2020-02-04
(current_events.rules)
 2840857 - ETPRO CURRENT_EVENTS Successful TalkTalk Phish 2020-02-04
(current_events.rules)
 2840858 - ETPRO CURRENT_EVENTS Successful Denizbank Phish 2020-02-04
(current_events.rules)
 2840859 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish 2020-02-04
(current_events.rules)
 2840860 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
 2840861 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
 2840862 - ETPRO TROJAN Win32/Tefosteal Variant Checkin Response (set)
(trojan.rules)
 2840863 - ETPRO TROJAN Win32/Tefosteal Variant Checkin Response
(trojan.rules)
 2840864 - ETPRO TROJAN Win32/Tefosteal Variant Data Exfil (trojan.rules)
 2840865 - ETPRO TROJAN Win32/Remcos RAT Checkin 331 (trojan.rules)
 2840866 - ETPRO TROJAN Win32/Remcos RAT Checkin 332 (trojan.rules)
 2840867 - ETPRO TROJAN Win32/Remcos RAT Checkin 333 (trojan.rules)
 2840868 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
 2840869 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
 2840870 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI
(trojan.rules)


 [///]     Modified active rules:     [///]

 2009516 - ET TROJAN Generic Win32.Autorun HTTP Post (trojan.rules)
 2011825 - ET TROJAN MUROFET/Licat Trojan (trojan.rules)
 2012139 - ET TROJAN Storm/Waledac 3.0 Checkin 2 (trojan.rules)
 2013047 - ET TROJAN DonBot Checkin (trojan.rules)
 2013168 - ET TROJAN Generic Bot Checkin (trojan.rules)
 2013416 - ET SCAN libwww-perl GET to // with specific HTTP header ordering
without libwww-perl User-Agent (scan.rules)
 2013419 - ET TROJAN FakeAV FakeAlert.Rena or similar Checkin Flowbit Set 2
(trojan.rules)
 2013488 - ET TROJAN Zeus Bot GET to Bing checking Internet connectivity
(trojan.rules)
 2013499 - ET POLICY IncrediMail Install Callback (policy.rules)
 2014113 - ET TROJAN Win32-Dynamer.dtc Reporting (trojan.rules)
 2014119 - ET TROJAN W32/Lici Initial Checkin (trojan.rules)
 2014269 - ET TROJAN Backdoor.Win32.RShot HTTP Checkin (trojan.rules)
 2014330 - ET TROJAN Kelihos/Hlux GET jucheck.exe from CnC (trojan.rules)
 2014542 - ET CURRENT_EVENTS TDS Sutra - redirect received
(current_events.rules)
 2014547 - ET CURRENT_EVENTS TDS Sutra - redirect received
(current_events.rules)
 2014548 - ET CURRENT_EVENTS TDS Sutra - cookie set (current_events.rules)
 2015504 - ET TROJAN ProxyBox - HTTP CnC - POST 1-letter.php (trojan.rules)
 2015897 - ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru
domain (current_events.rules)
 2800914 - ETPRO TROJAN Trojan.Win32.Riancon.ae Checkin (trojan.rules)
 2800919 - ETPRO TROJAN Backdoor.MSIL.Noszbot Checkin POST (trojan.rules)
 2801172 - ETPRO TROJAN Trojan.Win32.Karagany Checkin (trojan.rules)
 2801254 - ETPRO TROJAN Backdoor.Win32.Zewit.A Activity (trojan.rules)
 2801286 - ETPRO TROJAN Trojan.Win32.Lodelit Checkin (trojan.rules)
 2801634 - ETPRO TROJAN Trojan.Win32.PassStealer.wx Checkin (trojan.rules)
 2802209 - ETPRO TROJAN Carberp Checkin first.php related (trojan.rules)
 2802848 - ETPRO TROJAN Backdoor.Win32.Qakbot.E (Initial Load)
(trojan.rules)
 2803201 - ETPRO TROJAN Win32.Antavmu.hsb Checkin (trojan.rules)
 2803263 - ETPRO TROJAN Trataps/Spy.win32.gen/CI.a Post Checkin
(trojan.rules)
 2803616 - ETPRO TROJAN Trojan.Generic.5778957 Checkin (trojan.rules)
 2804018 - ETPRO TROJAN Variant.Graftor.1491 requesting exe (trojan.rules)
 2804429 - ETPRO TROJAN Backdoor.Win32/Kanav.A Checkin (trojan.rules)
 2804456 - ETPRO TROJAN
Trojan-Downloader.Win32.Adload.noq/Trojan.Win32.StartPage.fwx Checkin
(trojan.rules)
 2804482 - ETPRO TROJAN Trojan.PWS.SpySweep.271 Install (trojan.rules)
 2805001 - ETPRO TROJAN HackTool.Win32.VKTools.na Checkin 3 (trojan.rules)
 2805667 - ETPRO TROJAN Backdoor.Win32.Bredolab.absf Checkin (trojan.rules)


 [---]  Disabled and modified rules:  [---]

 2803814 - ETPRO TROJAN ZEUS Retrieving configuration file (trojan.rules)
 2840559 - ETPRO CURRENT_EVENTS Successful VK Phish 2020-01-22
(current_events.rules)


 [---]         Disabled rules:        [---]

 2014750 - ET CURRENT_EVENTS Incognito/RedKit Exploit Kit vulnerable Java
payload request to /1digit.html (current_events.rules)
 2802072 - ETPRO TROJAN Trojan.Win32.Carberp.C Checkin (trojan.rules)
 2804014 - ETPRO TROJAN Trojan.Win32/Malat Checkin (trojan.rules)
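An added example, not part of this post and not a tool from Emerging Threats: a small Python parser for the plain-text summary format used above. It re-joins entries that the mailer wrapped across lines (2840850, 2840851 and 2804456 above are split that way), collapses the stray double space in the DZS-VideoGallery title, groups SIDs by section, and rebuilds the "3 new Open, 25 new Pro (3 + 22)" arithmetic from the Added rules section (ET-prefixed rules are open, ETPRO-prefixed rules are Pro-only, and the Pro total counts both). The sample text embedded in the script is a shortened copy of this post's own lines; the class and function names are mine.

```python
"""Parse an Emerging Threats daily ruleset update summary into SIDs by section.

Added example for this page, not Emerging Threats code. SAMPLE below is a
shortened copy of the post's own lines, kept with its original line wrapping.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class RuleEntry(NamedTuple):
    sid: int
    ruleset: str    # "ET" (open) or "ETPRO" (Pro-only)
    category: str   # e.g. "TROJAN", "CURRENT_EVENTS"
    title: str
    rule_file: str  # e.g. "trojan.rules"


# "[+++]          Added rules:          [+++]"  ->  "Added rules"
SECTION_RE = re.compile(
    r"^\s*\[(?:\*{3}|\+{3}|/{3}|-{3})\]\s+(.+?):\s+\[(?:\*{3}|\+{3}|/{3}|-{3})\]\s*$")
ENTRY_START_RE = re.compile(r"^\s*\d{7} - ")
ENTRY_RE = re.compile(r"^(\d{7}) - (ET|ETPRO) ([A-Z_]+) (.+?) \(([a-z_]+\.rules)\)$")


def _normalise(chunks: List[str]) -> str:
    # Re-join an entry the mailer wrapped; this also collapses the doubled
    # space in "DZS-VideoGallery -  Command".
    return re.sub(r"\s+", " ", " ".join(chunks)).strip()


def parse_summary(text: str) -> Tuple[Dict[str, List[RuleEntry]], List[str]]:
    """Return ({section name: [RuleEntry, ...]}, [lines that looked like
    entries but did not parse])."""
    sections: Dict[str, List[RuleEntry]] = {}
    unparsed: List[str] = []
    current: Optional[str] = None
    buf: List[str] = []

    def flush() -> None:
        if not buf:
            return
        joined = _normalise(buf)
        buf.clear()
        m = ENTRY_RE.match(joined)
        if m and current is not None:
            sid, ruleset, category, title, rule_file = m.groups()
            sections.setdefault(current, []).append(
                RuleEntry(int(sid), ruleset, category, title, rule_file))
        else:
            unparsed.append(joined)

    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            flush()
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if ENTRY_START_RE.match(line):
            flush()
            buf.append(line)
        elif buf and line.strip():
            buf.append(line)   # wrapped continuation, e.g. a lone "(trojan.rules)"
        else:
            flush()            # blank line or prose outside an entry
        if buf and buf[-1].rstrip().endswith(".rules)"):
            flush()            # the rule-file suffix closes the entry
    flush()
    return sections, unparsed


def added_counts(sections: Dict[str, List[RuleEntry]]) -> Tuple[int, int, int]:
    """(open, pro_only, pro_total): the post's 'N new Open, M new Pro (N + K)'
    line, where the Pro total counts the open rules again."""
    added = sections.get("Added rules", [])
    open_n = sum(1 for e in added if e.ruleset == "ET")
    pro_only = len(added) - open_n
    return open_n, pro_only, open_n + pro_only


# Constructed sample: a shortened copy of this post's lines, wrapping included.
SAMPLE = """[***]            Summary:            [***]

 3 new Open, 25 new Pro (3 + 22). Win32/ServStart.AA, ELF/Mirai,
Win32/Tefosteal Variant, WordPress Plugin DZS-VideoGallery Vuln, Various
Phish

[+++]          Added rules:          [+++]

Open:

 2029349 - ET TROJAN CryptoPatronum Ransomware CnC Checkin (trojan.rules)
 2029350 - ET MALWARE Win32/Adware.Agent.NPP CnC Activity (malware.rules)

Pro:

 2840850 - ETPRO TROJAN MalDoc Request for Likely Ursnif Payload 2020-02-04
(trojan.rules)
 2840851 - ETPRO EXPLOIT WordPress Plugin DZS-VideoGallery -  Command
Injection (Outbound) (exploit.rules)
 2840853 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)

 [///]     Modified active rules:     [///]

 2804456 - ETPRO TROJAN
Trojan-Downloader.Win32.Adload.noq/Trojan.Win32.StartPage.fwx Checkin
(trojan.rules)

 [---]         Disabled rules:        [---]

 2014750 - ET CURRENT_EVENTS Incognito/RedKit Exploit Kit vulnerable Java
payload request to /1digit.html (current_events.rules)
"""

if __name__ == "__main__":
    parsed, leftovers = parse_summary(SAMPLE)
    for name, entries in parsed.items():
        print(f"{name}: {[e.sid for e in entries]}")
    print("open, pro-only, pro total:", added_counts(parsed))
    print("unparsed:", leftovers)
```

Feeding the full text of a summary (for example, piped from a saved copy of the mail) to parse_summary gives the SID lists per section; comparing the Disabled and Modified sections against the SIDs your sensors actually alerted on in the last few days is the quick check that a rule you depend on was not just retired or changed upstream.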