[Emerging-updates] Daily Ruleset Update Summary 2020/02/17

James Emery-Callcott jcallcott at emergingthreats.net
Mon Feb 17 14:55:38 HST 2020


[***]            Summary:            [***]

  5 new Open, 18 new Pro (5 + 13).  AZORult, Parallax, Kimsuky, Various
SSL/TLS, Various Phish, Others.

  Thanks @james_inthe_box.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029471 - ET TROJAN Win32/Sarwent Variant CnC Activity (trojan.rules)
  2029472 - ET TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2029473 - ET SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2029474 - ET TROJAN Win32/Sarwent Initial Checkin (trojan.rules)
  2029475 - ET TROJAN Win32/Sarwent Initial Checkin CnC Response (trojan.rules)

Pro:

  2841060 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-15 1) (trojan.rules)
  2841061 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-02-17 (current_events.rules)
  2841062 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-02-17 (current_events.rules)
  2841063 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2020-02-17 (current_events.rules)
  2841064 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-02-17 (current_events.rules)
  2841065 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2841066 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2841067 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-17 (current_events.rules)
  2841068 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-17 (current_events.rules)
  2841069 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-02-17 (current_events.rules)
  2841070 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M5 (trojan.rules)
  2841071 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M6 (trojan.rules)
  2841072 - ETPRO TROJAN Win32/Remcos RAT Checkin 347 (trojan.rules)

[///]     Modified active rules:     [///]

  2029236 - ET TROJAN Vidar/Arkei/Megumin/Oski Stealer Data Exfil (trojan.rules)

[---]         Disabled rules:        [---]

  2014471 - ET POLICY DRIVEBY Generic - EXE Download by Java (policy.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team