[Emerging-updates] Daily Ruleset Update Summary 2020/01/14

James Emery-Callcott jcallcott at emergingthreats.net
Tue Jan 14 15:27:55 HST 2020


[***]            Summary:            [***]

  5 new Open, 20 new Pro (5 + 15).  Emotet, MustangPanda, Various Phish,
Various SSL/TLS.

  Thanks gmcirt.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029275 - ET TROJAN Observed Possible PowerSploit/PowerView .ps1 Inbound (trojan.rules)
  2029276 - ET TROJAN PowerSploit/PowerView SMTP Data Exfil (trojan.rules)
  2029277 - ET TROJAN Observed Certificate Containing Double Base64 Encoded Executable Inbound (trojan.rules)
  2029278 - ET TROJAN Observed Certificate Containing Possible Base64 Encoded Powershell Inbound (trojan.rules)
  2029279 - ET TROJAN Win32/Emotet CnC Activity (POST) M7 (trojan.rules)

Pro:

  2840420 - ETPRO TROJAN Icefrog/Temp.Trident Domain Observed (trojan.rules)
  2840418 - ETPRO TROJAN Observed Certificate Containing Base64 Encoded AutoIt Script Inbound (trojan.rules)
  2840419 - ETPRO TROJAN Observed Malicious SSL Cert (APT/MustangPanda Stager) (trojan.rules)
  2840421 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-14 1) (trojan.rules)
  2840422 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-14 2) (trojan.rules)
  2840423 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-14 3) (trojan.rules)
  2840424 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-14 4) (trojan.rules)
  2840425 - ETPRO CURRENT_EVENTS Successful Cpanel Update Password Phish 2020-01-14 (current_events.rules)
  2840426 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-14 (current_events.rules)
  2840427 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-14 (current_events.rules)
  2840428 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-14 (current_events.rules)
  2840429 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-14 (current_events.rules)
  2840430 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-14 (current_events.rules)
  2840431 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-14 (current_events.rules)
  2840432 - ETPRO TROJAN Observed Malicious SSL Cert (Phishing) (trojan.rules)

[///]     Modified active rules:     [///]

  2016795 - ET TROJAN TROJ_NAIKON.A SSL Cert (trojan.rules)
  2840274 - ETPRO TROJAN BlackRouter/BlackRoot Ransomware Variant CnC Checkin (trojan.rules)
  2840355 - ETPRO MALWARE Win32/Adposhel.gen CnC Activity (malware.rules)
  2827897 - ETPRO EXPLOIT MP4 Atom Parser Vulnerability Inbound M1 (CVE-2017-11281) (exploit.rules)
  2827898 - ETPRO EXPLOIT MP4 Atom Parser Vulnerability Inbound M2 (CVE-2017-11281) (exploit.rules)
  2840274 - ETPRO TROJAN BlackRouter/BlackRoot Ransomware Variant CnC Checkin (trojan.rules)
  2840355 - ETPRO MALWARE Win32/Adposhel.gen CnC Activity (malware.rules)

[///]    Modified inactive rules:    [///]

  2014577 - ET CURRENT_EVENTS Italian Spam Campaign ZIP with EXE Containing Many Underscores (current_events.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team