[Emerging-updates] Daily Ruleset Update Summary 2020/01/15

James Emery-Callcott jcallcott at emergingthreats.net
Wed Jan 15 16:35:20 HST 2020


[***]            Summary:            [***]

  2 new Open, 24 new Pro (2 + 22).  SMS-Bomber, Gafygt, Remcos, Various
Phish.

  Thanks @james_inthe_box.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029280 - ET TROJAN Observed Certificate Base64 Encoded Executable
Inbound (trojan.rules)
  2029281 - ET TROJAN SMS-Bomber Activity (trojan.rules)

Pro:

  2840433 - ETPRO TROJAN Win32/Agent.ZPC CnC Checkin (trojan.rules)
  2840434 - ETPRO MALWARE Win32/Slimware SlimDrivers Activity
(malware.rules)
  2840435 - ETPRO TROJAN ELF/Gafygt Variant Checkin (trojan.rules)
  2840436 - ETPRO TROJAN ELF/Gafygt Variant CnC Server Response
(trojan.rules)
  2840437 - ETPRO TROJAN ELF/Mirai Variant Checkin (trojan.rules)
  2840440 - ETPRO TROJAN Win32/Remcos RAT Checkin 308 (trojan.rules)
  2840441 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-01-15 1) (trojan.rules)
  2840442 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish
2020-01-15 (current_events.rules)
  2840443 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-15
(current_events.rules)
  2840444 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-15 (current_events.rules)
  2840445 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-15 (current_events.rules)
  2840446 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-15 (current_events.rules)
  2840447 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-15
(current_events.rules)
  2840448 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-15
(current_events.rules)
  2840449 - ETPRO TROJAN Win32/TrojanDownloader.Agent.EXH Configuration
Download (trojan.rules)
  2840450 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2020-01-15
(current_events.rules)
  2840451 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-15
(current_events.rules)
  2840452 - ETPRO CURRENT_EVENTS Successful Optimum Phish 2020-01-15
(current_events.rules)
  2840453 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-01-15
(current_events.rules)
  2840454 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-15
(current_events.rules)
  2840455 - ETPRO TROJAN Inbound Base64 Executable with Substitution
Obfuscation (trojan.rules)
  2840456 - ETPRO TROJAN Observed Malicious SSL Cert (Malhost)
(trojan.rules)

 [---]  Disabled and modified rules:  [---]

  2027561 - ET CURRENT_EVENTS Generic Miarroba Phishing Landing
(current_events.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team