[Emerging-updates] Daily Ruleset Update Summary 2020/01/02

Brandon Murphy bmurphy at emergingthreats.net
Thu Jan 2 15:47:31 HST 2020


[***]            Summary:            [***]

  6 new Open, 38 new Pro (6 + 32). Arechclient2, Lampion, Win32/Zpevdo.A,
Win32/Likseput.B, and Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback


[+++]          Added rules:          [+++]

Open:

  2029217 - ET TROJAN Arechclient2 Backdoor CnC Init (trojan.rules)
  2029218 - ET TROJAN Arechclient2 Backdoor CnC Checkin (trojan.rules)
  2029219 - ET TROJAN Arechclient2 Backdoor CnC Keep-Alive (trojan.rules)
  2029220 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2029221 - ET TROJAN Lampion CnC Activity (trojan.rules)
  2029222 - ET TROJAN Kimsuky Operation Blue Estimate CnC Activity (trojan.rules)

Pro:

  2840192 - ETPRO WEB_CLIENT FakeAV Webpage Reporting System Information (web_client.rules)
  2840193 - ETPRO WEB_CLIENT FakeAV Landing Page 2020-01-02 (web_client.rules)
  2840194 - ETPRO TROJAN Win32/Unk.Stealer CnC Data Exfil (trojan.rules)
  2840196 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-02 (current_events.rules)
  2840197 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-02 (current_events.rules)
  2840198 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-02 (current_events.rules)
  2840199 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2020-01-02 (current_events.rules)
  2840200 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-01-02 (current_events.rules)
  2840201 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-01-02 (current_events.rules)
  2840202 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-02 (current_events.rules)
  2840203 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-02 (current_events.rules)
  2840204 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-02 (current_events.rules)
  2840205 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-02 (current_events.rules)
  2840206 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-02 (current_events.rules)
  2840207 - ETPRO CURRENT_EVENTS Successful VBV Phish 2020-01-02 (current_events.rules)
  2840208 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-02 (current_events.rules)
  2840209 - ETPRO CURRENT_EVENTS Successful Garanti Bank Phish 2020-01-02 (current_events.rules)
  2840210 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2020-01-02 (current_events.rules)
  2840211 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-02 (current_events.rules)
  2840212 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2020-01-02 (current_events.rules)
  2840213 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-02 (current_events.rules)
  2840214 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-02 (current_events.rules)
  2840215 - ETPRO CURRENT_EVENTS Successful Telstra Phish 2020-01-02 (current_events.rules)
  2840216 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-01-02 (current_events.rules)
  2840217 - ETPRO TROJAN Win32/Zpevdo.A CnC Host Checkin (trojan.rules)
  2840218 - ETPRO TROJAN Win32/Likseput.B CnC Activity (trojan.rules)
  2840224 - ETPRO TROJAN Win32/Remcos RAT Checkin 295 (trojan.rules)
  2840225 - ETPRO TROJAN Win32/Remcos RAT Checkin 296 (trojan.rules)
  2840226 - ETPRO TROJAN Win32/Remcos RAT Checkin 297 (trojan.rules)
  2840227 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-01-02 (trojan.rules)
  2840228 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-01-02 (trojan.rules)
  2840229 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-01-02 (trojan.rules)


[///]     Modified active rules:     [///]

  2028991 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2029101 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2029176 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2840029 - ETPRO TROJAN Win32/Borr CnC Checkin (trojan.rules)


[---]         Removed rules:         [---]

  2029214 - ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Inbound (exploit.rules)
  2837006 - ETPRO TROJAN Observed Malicious SSL Cert (APT33 CnC) (trojan.rules)