[Emerging-updates] Daily Ruleset Update Summary 2020/01/21

Jason Williams jwilliams at emergingthreats.net
Tue Jan 21 13:48:18 HST 2020


[***]            Summary:            [***]

  2 new Open, 37 new Pro (2 + 35). 2020-0674, Nexus Stealer, Magecart, and Various Phishing.

  Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2029297 - ET TROJAN MageCart CnC Domain Observed in DNS Query (trojan.rules)
  2029298 - ET TROJAN Nexus Stealer CnC Data Exfil (trojan.rules)

 Pro:

  2840514 - ETPRO TROJAN ELF/Gafgyt Variant Reporting Arch Type (i686) (trojan.rules)
  2840515 - ETPRO TROJAN ELF/Gafgyt Variant Reporting Arch Type (i586) (trojan.rules)
  2840516 - ETPRO TROJAN ELF/Gafgyt/Mirai Cayosin Variant CnC Server Message (trojan.rules)
  2840517 - ETPRO EXPLOIT Possible CVE-2020-0674 Internet Explorer Remote Code Execution (exploit.rules)
  2840518 - ETPRO INFO Suspicious JScript Browser Downgrade M1 (info.rules)
  2840519 - ETPRO INFO Suspicious JScript Browser Downgrade M2 (info.rules)
  2840520 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-18 1) (trojan.rules)
  2840521 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-21 (current_events.rules)
  2840522 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2020-01-21 (current_events.rules)
  2840523 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21 (current_events.rules)
  2840524 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21 (current_events.rules)
  2840525 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21 (current_events.rules)
  2840526 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-21 (current_events.rules)
  2840527 - ETPRO CURRENT_EVENTS Successful OurTime Phish 2020-01-21 (current_events.rules)
  2840528 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21 (current_events.rules)
  2840529 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-21 (current_events.rules)
  2840530 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2020-01-21 (current_events.rules)
  2840531 - ETPRO CURRENT_EVENTS Successful Banco Original Phish 2020-01-21 (current_events.rules)
  2840532 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-21 (current_events.rules)
  2840533 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-21 (current_events.rules)
  2840534 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-01-21 (current_events.rules)
  2840535 - ETPRO CURRENT_EVENTS Successful Generic Form Phish 2020-01-21 (current_events.rules)
  2840536 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2020-01-21 (current_events.rules)
  2840537 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-21 (current_events.rules)
  2840538 - ETPRO CURRENT_EVENTS Successful Microsoft Update Your Account Phish 2020-01-21 (current_events.rules)
  2840539 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-21 (current_events.rules)
  2840540 - ETPRO TROJAN Win32/Agent.AAPH Variant CnC (trojan.rules)
  2840541 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-01-21 (current_events.rules)
  2840542 - ETPRO TROJAN Observed Malicious SSL Cert (BoA Phish) (trojan.rules)
  2840543 - ETPRO TROJAN Win32/TrojanClicker.Agent.OAR Variant CnC Activity (trojan.rules)
  2840544 - ETPRO TROJAN Win32/Remcos RAT Checkin 312 (trojan.rules)
  2840545 - ETPRO TROJAN Win32/Remcos RAT Checkin 313 (trojan.rules)
  2840546 - ETPRO TROJAN Win32/Remcos RAT Checkin 314 (trojan.rules)
  2840547 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2840548 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-01-21 (trojan.rules)

 [///]     Modified active rules:     [///]

  2028963 - ET TROJAN DADJOKE/Rail Tycoon Initial Macro Execution (trojan.rules)
  2028964 - ET TROJAN DADJOKE/Rail Tycoon Payload Extraction (trojan.rules)
  2028965 - ET TROJAN DADJOKE/Rail Tycoon Payload Execution (trojan.rules)
  2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules)
  2839490 - ETPRO TROJAN ELF/Gafgyt Variant Reporting Arch Type (x86) (trojan.rules)

 [---]         Removed rules:         [---]

  2029297 - ET MALWARE MageCart CnC Domain Observed in DNS Query (malware.rules)