[Emerging-updates] Daily Ruleset Update Summary 2020/01/31

Jack Mott jmott at emergingthreats.net
Fri Jan 31 14:43:35 HST 2020


[***]            Summary:            [***]

  4 new Open, 27 new Pro (4 + 23). Amadey, Winnti, Kinstaller, Various
Phish, Win32/Remcos, Coinminers.

TIIF.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

Open:

  2029341 - ET TROJAN Amadey Stealer CnC - BotKiller Module Checkin
(trojan.rules)
  2029342 - ET TROJAN Possible Winnti TLS Certificate Observed
(trojan.rules)
  2029343 - ET TROJAN Possible Winnti TLS Certificate Observed
(trojan.rules)
  2029346 - ET TROJAN Possible Winnti DNS Lookup (trojan.rules)
  2029347 - ET TROJAN Possible Winnti DNS Lookup (trojan.rules)

Pro:

  2840783 - ETPRO USER_AGENTS Observed Suspicious UA (Google Chrome)
(user_agents.rules)
  2840784 - ETPRO MALWARE InsanityCheats Activity (malware.rules)
  2840785 - ETPRO TROJAN Unk.CoinMiner Requesting Config (trojan.rules)
  2840786 - ETPRO INFO Request for config.txt (info.rules)
  2840787 - ETPRO INFO Request for config.json (info.rules)
  2840788 - ETPRO USER_AGENTS Suspicious User-Agent (AntiVirus)
(user_agents.rules)
  2840789 - ETPRO TROJAN DNS Query to TA429 Related CnC Domain
(trojan.rules)
  2840790 - ETPRO MALWARE Win32/FlyStudio Variant Payload Download
(malware.rules)
  2840791 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-01-31 1) (trojan.rules)
  2840792 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-01-31 2) (trojan.rules)
  2840793 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-31 (current_events.rules)
  2840794 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-01-31
(current_events.rules)
  2840795 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2020-01-31
(current_events.rules)
  2840796 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-01-31
(current_events.rules)
  2840797 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-31 (current_events.rules)
  2840798 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-31 (current_events.rules)
  2840799 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-31 (current_events.rules)
  2840800 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish
2020-01-31 (current_events.rules)
  2840801 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-31
(current_events.rules)
  2840802 - ETPRO MALWARE Kinstaller Checkin (malware.rules)
  2840803 - ETPRO TROJAN Win32/Remcos RAT Checkin 325 (trojan.rules)
  2840804 - ETPRO TROJAN Win32/Remcos RAT Checkin 326 (trojan.rules)

 [///]     Modified active rules:     [///]

  2029339 - ET INFO Powershell Downloader with Start-Process Inbound M1
(info.rules)