[Emerging-updates] Daily Ruleset Update Summary 2020/07/01

Jason Taylor jastaylor at emergingthreats.net
Wed Jul 1 13:59:44 HDT 2020


[***]            Summary:            [***]

28 new OPEN, 46 new PRO (28 + 18). StrongPity, Glupteba, AsyncRAT,
BYOB, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5
rule syntax/keywords. A complete list of rules that were changed can
be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-07-01T22:48:21.txt

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030412 - ET TROJAN Observed Malicious SSL Cert (StrongPity CnC) (trojan.rules)
2030413 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030414 - ET TROJAN Observed Malicious SSL Cert (StrongPity CnC) (trojan.rules)
2030415 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030416 - ET TROJAN Observed Malicious SSL Cert (StrongPity CnC) (trojan.rules)
2030417 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030418 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030419 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030420 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030421 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030422 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030423 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030424 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030425 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030426 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030427 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030428 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030429 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030430 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030431 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030432 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030433 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030434 - ET TROJAN Observed StrongPity CnC Domain in TLS SNI (trojan.rules)
2030435 - ET TROJAN Suspected Glupteba Download (trojan.rules)
2030436 - ET TROJAN Suspected Glupteba Download (trojan.rules)
2030437 - ET TROJAN Glupteba CnC Checkin (trojan.rules)
2030438 - ET MALWARE Evil Google Drive Download (malware.rules)
2030439 - ET USER_AGENTS Observed Suspicious UA (CODE) (user_agents.rules)

Pro:

2843283 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2843284 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2843285 - ETPRO TROJAN Known Malicious CAB File Inbound (trojan.rules)
2843286 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC) (trojan.rules)
2843287 - ETPRO TROJAN Observed SocGholish Domain in TLS SNI (trojan.rules)
2843288 - ETPRO CURRENT_EVENTS Successful Webmail Verification Portal Phish 2020-07-01 (current_events.rules)
2843289 - ETPRO CURRENT_EVENTS Successful Ruralvia Phish 2020-07-01 (current_events.rules)
2843290 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-07-01 (current_events.rules)
2843291 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2020-07-01 (current_events.rules)
2843292 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-01 (current_events.rules)
2843293 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-01 (current_events.rules)
2843294 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-01 (current_events.rules)
2843295 - ETPRO TROJAN BYOB - Python Backdoor Exfiltration Activity (trojan.rules)
2843296 - ETPRO TROJAN Facebook Cookie Stealer Checkin (trojan.rules)
2843297 - ETPRO TROJAN Win32/Remcos RAT Checkin 473 (trojan.rules)
2843298 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2843299 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-01 (current_events.rules)
2843300 - ETPRO TROJAN Win32/StartSurf Activity (trojan.rules)

[///]     Modified active rules:     [///]

2843271 - ETPRO CURRENT_EVENTS Succcesful Chase Phish 2020-06-30 (current_events.rules)
2843273 - ETPRO CURRENT_EVENTS Succcesful Generic Phish 2020-06-30 (current_events.rules)