[Emerging-updates] Daily Ruleset Update Summary 2020/01/08

Jack Mott jmott at emergingthreats.net
Wed Jan 8 13:52:16 HST 2020


[***]            Summary:            [***]

  6 new Open, 26 new Pro (6 + 20). Rarog, Oski, Magician/M461c14n
Ransomware, MuddyWater DNSClient, Remcos, Various Coinminers and Various
Phish.

  tks: @malwrhunterteam

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029235 - ET TROJAN Win32/Rarog Stealer CnC Checkin (trojan.rules)
  2029236 - ET TROJAN Win32/Oski Stealer Data Exfil (trojan.rules)
  2029237 - ET TROJAN Magician/M461c14n Ransomware CnC Checkin (trojan.rules)
  2029238 - ET MALWARE Legion Loader Activity Observed (malware.rules)
  2029239 - ET TROJAN DonotGroup Staging Domain Observed in DNS Query (trojan.rules)
  2029240 - ET TROJAN Win32/Filecoder.NZK Variant (trojan.rules)

Pro:

  2840313 - ETPRO TROJAN Observed DNS Query to MuddyWater DNSClient Domain (trojan.rules)
  2840314 - ETPRO TROJAN Observed DNS Query to MuddyWater DNSClient Domain (trojan.rules)
  2840315 - ETPRO POLICY Observed HTTP Request to *.pythonanywhere .com Domain (policy.rules)
  2840316 - ETPRO USER_AGENTS Observed Suspicious UA (HttpSend) (user_agents.rules)
  2840317 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-08 1) (trojan.rules)
  2840318 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-08 2) (trojan.rules)
  2840319 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-01-08 (current_events.rules)
  2840320 - ETPRO CURRENT_EVENTS Successful AOL Phish 2020-01-08 (current_events.rules)
  2840321 - ETPRO CURRENT_EVENTS Successful Agibank Phish 2020-01-08 (current_events.rules)
  2840322 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-01-08 (current_events.rules)
  2840323 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-01-08 (current_events.rules)
  2840324 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-01-08 (current_events.rules)
  2840325 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish 2020-01-08 (current_events.rules)
  2840326 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-01-08 (current_events.rules)
  2840327 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-08 (current_events.rules)
  2840328 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
  2840329 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
  2840330 - ETPRO TROJAN Win32/Agent.AAON Variant Checkin (trojan.rules)
  2840331 - ETPRO TROJAN Win32/Agent.AAON Variant Downloading Stage 2 (trojan.rules)
  2840332 - ETPRO TROJAN Win32/Remcos RAT Checkin 301 (trojan.rules)