[Emerging-updates] Daily Ruleset Update Summary 2020/01/07

Jack Mott jmott at emergingthreats.net
Tue Jan 7 14:22:46 HST 2020


[***]            Summary:            [***]

  2 new Open, 33 new Pro (2 + 31). AstroBot, Mermaid Ransomware, Parallax
CnC Activity, APT33 PowerShell Implant, Various Suspicious Zipped Filename
in Outbound POST Request, Various Coinminers and Various Phish.

  tks: @malwrhunterteam

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029233 - ET TROJAN AstroBot CnC Activity (trojan.rules)
  2029234 - ET TROJAN Mermaid Ransomware Variant CnC Activity M1 (trojan.rules)

Pro:

  2840282 - ETPRO USER_AGENTS Observed Suspicious UA (getcmd) (user_agents.rules)
  2840283 - ETPRO USER_AGENTS Observed Suspicious UA (Internet Explorer 8.0) (user_agents.rules)
  2840284 - ETPRO MALWARE Win32/CNighPull Activity (malware.rules)
  2840285 - ETPRO POLICY Observed PandaCoin User-Agent (policy.rules)
  2840286 - ETPRO POLICY Observed PandaCoin P2P Activity (policy.rules)
  2840287 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Filezilla/sitemanager.xml) (trojan.rules)
  2840288 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Browsers.txt) (trojan.rules)
  2840289 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Domains.txt) (trojan.rules)
  2840290 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (screen.) (trojan.rules)
  2840291 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (UserAgents.txt) (trojan.rules)
  2840292 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 1) (trojan.rules)
  2840293 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 2) (trojan.rules)
  2840294 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 3) (trojan.rules)
  2840295 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 4) (trojan.rules)
  2840296 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 5) (trojan.rules)
  2840297 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 6) (trojan.rules)
  2840298 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2020-01-07 (current_events.rules)
  2840299 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-07 (current_events.rules)
  2840300 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-07 (current_events.rules)
  2840301 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-07 (current_events.rules)
  2840302 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-07 (current_events.rules)
  2840303 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-07 (current_events.rules)
  2840304 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-07 (current_events.rules)
  2840305 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-07 (current_events.rules)
  2840306 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-07 (current_events.rules)
  2840307 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-07 (current_events.rules)
  2840308 - ETPRO TROJAN Parallax CnC Activity M4 (set) (trojan.rules)
  2840309 - ETPRO TROJAN Parallax CnC Activity M4 (trojan.rules)
  2840311 - ETPRO TROJAN Suspected APT33 PowerShell Implant CnC Activity M2 (trojan.rules)
  2840312 - ETPRO TROJAN Suspected APT33 PowerShell Implant CnC Activity M1 (trojan.rules)
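The five "Suspicious Zipped Filename in Outbound POST Request" rules above key on a stealer bundling harvested files (FTP client site configs, browser/domain/user-agent dumps, screenshots) into a ZIP and POSTing it to its collector. The following Python is an added example written for this summary; it is not Emerging Threats' rule logic or any ET code. It walks the ZIP local file headers inside an HTTP POST body and flags member names matching the ones the rules name. The sample request, the archive contents, the "/upload" path and host, and the matching policy (case-insensitive substring, with "screen." treated as a prefix for screenshot files) are constructed assumptions for the demo.

```python
import io
import struct
import zipfile
from typing import Dict, List

# Member names taken from the rule titles above. Assumption: matched as
# case-insensitive substrings of the normalised ZIP entry name, so
# "screen." catches screen.png / screen.jpg style screenshot captures.
SUSPICIOUS_NAMES = (
    "filezilla/sitemanager.xml",
    "browsers.txt",
    "domains.txt",
    "screen.",
    "useragents.txt",
)

# Local file header signature; central directory entries use PK\x01\x02
# and are deliberately ignored so each member is reported once.
ZIP_LOCAL_HEADER = b"PK\x03\x04"


def zip_member_names(body: bytes) -> List[str]:
    """Return the entry names of every ZIP local file header found in body.

    Local file header layout (PKWARE APPNOTE 4.3.7): 4-byte signature
    followed by 26 bytes of fixed fields. The filename length is a uint16
    at offset 26, the extra-field length a uint16 at offset 28, and the
    name itself starts at offset 30. Compressed data follows the name and
    extra field, so the next search starts past both.
    """
    names = []
    pos = body.find(ZIP_LOCAL_HEADER)
    while pos != -1 and pos + 30 <= len(body):
        name_len, extra_len = struct.unpack_from("<HH", body, pos + 26)
        raw_name = body[pos + 30 : pos + 30 + name_len]
        names.append(raw_name.decode("utf-8", errors="replace"))
        pos = body.find(ZIP_LOCAL_HEADER, pos + 30 + name_len + extra_len)
    return names


def alerts_for_post(raw_request: bytes) -> List[str]:
    """Return the suspicious member names carried in an outbound POST body.

    Only POST requests are inspected; the body is everything after the
    first blank line of the request.
    """
    head, _, body = raw_request.partition(b"\r\n\r\n")
    if not head.startswith(b"POST "):
        return []
    hits = []
    for name in zip_member_names(body):
        # Normalise backslash paths so "FileZilla\sitemanager.xml" matches too.
        normalised = name.replace("\\", "/").lower()
        if any(needle in normalised for needle in SUSPICIOUS_NAMES):
            hits.append(name)
    return hits


def build_sample_post(members: Dict[str, bytes]) -> bytes:
    """Constructed sample: a stored (uncompressed) ZIP POSTed as the raw body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    payload = buf.getvalue()
    head = (
        b"POST /upload HTTP/1.1\r\n"
        b"Host: collector.example.invalid\r\n"
        b"Content-Type: application/octet-stream\r\n"
        b"Content-Length: %d\r\n\r\n" % len(payload)
    )
    return head + payload


# Constructed traffic: one stealer-style exfil POST and one benign JSON POST.
SAMPLE_EXFIL = build_sample_post({
    "FileZilla/sitemanager.xml": b"<FileZilla3><Servers/></FileZilla3>",
    "readme.txt": b"nothing to see",
    "Browsers.txt": b"chrome\nfirefox\n",
    "Domains.txt": b"example.invalid\n",
    "screen.png": b"\x89PNG\r\n\x1a\n",
    "UserAgents.txt": b"Mozilla/5.0\n",
})
SAMPLE_BENIGN = (
    b"POST /api/ping HTTP/1.1\r\nHost: app.example.invalid\r\n"
    b"Content-Type: application/json\r\n\r\n{\"ping\": 1}"
)

if __name__ == "__main__":
    print("exfil  :", alerts_for_post(SAMPLE_EXFIL))
    print("benign :", alerts_for_post(SAMPLE_BENIGN))
```

The header walk is intentionally signature-based rather than relying on `zipfile`, because a stealer's upload is often truncated, multipart-wrapped or missing its central directory by the time a sensor sees it; the local headers near the start of the body are still there, which is the same property a content match in an IDS rule relies on.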