[Emerging-updates] Daily Ruleset Update Summary 2020/01/06

Jack Mott jmott at emergingthreats.net
Mon Jan 6 14:02:12 HST 2020


[***]            Summary:            [***]

  9 new Open, 32 new Pro (9 + 23). Magecart, DonotGroup, Zeoticus
Ransomware, BlackRouter/BlackRoot Ransomware Variants, Win32/KPOT Stealer,
Win32/Remcos, Coinminers and Various Phish.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029224 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
  2029225 - ET TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
  2029226 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029227 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
  2029228 - ET TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
  2029229 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029230 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query (trojan.rules)
  2029231 - ET TROJAN Zeoticus Ransomware CnC Activity (trojan.rules)
  2029232 - ET USER_AGENTS Observed Suspicious UA (DxD) (user_agents.rules)

Pro:

  2840274 - ETPRO TROJAN BlackRouter/BlackRoot Ransomware Variant CnC Checkin (trojan.rules)
  2840259 - ETPRO TROJAN BlackRouter/BlackRoot Ransomware Variant CnC Checkin M2 (trojan.rules)
  2840260 - ETPRO CURRENT_EVENTS Successful Minha BV Bank Phish 2020-01-06 (current_events.rules)
  2840261 - ETPRO CURRENT_EVENTS CoinMiner Known Malicious Stratum Authline (2020-01-04 1) (current_events.rules)
  2840262 - ETPRO CURRENT_EVENTS CoinMiner Known Malicious Stratum Authline (2020-01-04 2) (current_events.rules)
  2840263 - ETPRO CURRENT_EVENTS CoinMiner Known Malicious Stratum Authline (2020-01-04 3) (current_events.rules)
  2840264 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-06 (current_events.rules)
  2840265 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-06 (current_events.rules)
  2840266 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-06 (current_events.rules)
  2840267 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-06 (current_events.rules)
  2840268 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-01-06 (current_events.rules)
  2840269 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish 2020-01-06 (current_events.rules)
  2840270 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M3 (trojan.rules)
  2840271 - ETPRO TROJAN Unk.JS/Downloader Activity (trojan.rules)
  2840272 - ETPRO TROJAN Win32/Zpevdo.A CnC Host Checkin (trojan.rules)
  2840273 - ETPRO CURRENT_EVENTS Successful Telstra Phish 2020-01-06 (current_events.rules)
  2840275 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
  2840276 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
  2840279 - ETPRO TROJAN Win32/Remcos RAT Checkin 298 (trojan.rules)
  2840280 - ETPRO TROJAN Win32/Remcos RAT Checkin 299 (trojan.rules)
  2840281 - ETPRO TROJAN Win32/Remcos RAT Checkin 300 (trojan.rules)