[Emerging-updates] Daily Ruleset Update Summary 2020/01/10

Jack Mott jmott at emergingthreats.net
Fri Jan 10 13:25:42 HST 2020


[***]            Summary:            [***]

  9 new Open, 44 new Pro (9 + 35). Ursnif SAIGON Variant, PS/PowDesk,
Win32/Agent.UAF, ChikonStealer, Remcos, Various Coinminers and Various
Phish.

  tks: @401TRG, SentinelOne/Jason Reaves. TIIF.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029246 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC
Domain (trojan.rules)
  2029247 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC
Domain (trojan.rules)
  2029248 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC
Domain (trojan.rules)
  2029249 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC
Domain (trojan.rules)
  2029250 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC
Domain (trojan.rules)
  2029251 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC
Domain (trojan.rules)
  2029252 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC
Domain (trojan.rules)
  2029253 - ET TROJAN [401TRG] PS/PowDesk Checkin (APT34) (trojan.rules)
  2029254 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query
(trojan.rules)

Pro:

  2827129 - ETPRO MALWARE Win32/LightSee.D Variant Checkin (malware.rules)
  2840358 - ETPRO TROJAN Win32/Agent.UAF Variant CnC M1 (trojan.rules)
  2840359 - ETPRO TROJAN Win32/Agent.UAF Variant CnC M2 (trojan.rules)
  2840360 - ETPRO TROJAN Win32/Agent.UAF Variant CnC M3 (trojan.rules)
  2840361 - ETPRO MALWARE Win32/Agent.UAF Adware Activity (malware.rules)
  2840362 - ETPRO TROJAN ChikonStealer CnC Data Exfil (trojan.rules)
  2840363 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2020-01-10) (current_events.rules)
  2840364 - ETPRO TROJAN Observed Malicious SSL Cert (Teamviewer Bot CnC)
(trojan.rules)
  2840365 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-01-10
(current_events.rules)
  2840366 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-01-10 1) (trojan.rules)
  2840367 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-01-10 2) (trojan.rules)
  2840368 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-01-10
(current_events.rules)
  2840369 - ETPRO CURRENT_EVENTS Successful Western Union Phish 2020-01-10
(current_events.rules)
  2840370 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-10 (current_events.rules)
  2840371 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-10
(current_events.rules)
  2840372 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2020-01-10 (current_events.rules)
  2840373 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish 2020-01-10
(current_events.rules)
  2840374 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-01-10
(current_events.rules)
  2840375 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2020-01-10
(current_events.rules)
  2840376 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-10
(current_events.rules)
  2840377 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2020-01-10
(current_events.rules)
  2840378 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-10 (current_events.rules)
  2840379 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-10 (current_events.rules)
  2840380 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2840381 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840382 - ETPRO TROJAN Win32/QQWare Variant Checkin (trojan.rules)
  2840383 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2840384 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2840386 - ETPRO TROJAN Win32/Remcos RAT Checkin 302 (trojan.rules)
  2840387 - ETPRO TROJAN Win32/Remcos RAT Checkin 303 (trojan.rules)
  2840388 - ETPRO TROJAN Win32/Remcos RAT Checkin 304 (trojan.rules)
  2840389 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2840390 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
  2840391 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
2020-01-10 (trojan.rules)

 [///]     Modified active rules:     [///]

  2815847 - ETPRO TROJAN Win32/TrojanClicker.VB.OJQ Variant Checkin
(trojan.rules)
  2816654 - ETPRO TROJAN MSIL/Agent.AJN Variant Checkin (trojan.rules)
  2825913 - ETPRO TROJAN W32/Ramnit.A Downloader Request (trojan.rules)
  2838234 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-08-29 (current_events.rules)
  2840356 - ETPRO TROJAN Clown Ransomware Telegram Checkin (trojan.rules)