[Emerging-updates] Daily Ruleset Update Summary 2020/07/03

James Emery-Callcott jcallcott at emergingthreats.net
Fri Jul 3 12:36:25 HDT 2020


[***]            Summary:            [***]

        23 new OPEN, 42 new PRO (23 + 19).  CobaltStrike, Various Phish,
Various CoinMiners, Others.

        Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

        2030446 - ET WEB_CLIENT Predator the Thief Password Prompt Accessed
on External Compromised Server (web_client.rules)
        2030447 - ET WEB_SERVER Predator the Thief Password Prompt Accessed
on Internal Compromised Server (web_server.rules)
        2030448 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030449 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030450 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030451 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030452 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030453 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030454 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030455 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030456 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030457 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030458 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030459 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030460 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030461 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030462 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030463 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030464 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030465 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030466 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
        2030467 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
        2030468 - ET POLICY go-external-ip library User-Agent (policy.rules)

Pro:

        2843310 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-03 1) (trojan.rules)
        2843311 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-03 2) (trojan.rules)
        2843312 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-03 3) (trojan.rules)
        2843313 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-03 4) (trojan.rules)
        2843314 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-03
(current_events.rules)
        2843315 - ETPRO CURRENT_EVENTS Successful IONOS Webmail Phish
2020-07-03 (current_events.rules)
        2843316 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-07-03
(current_events.rules)
        2843317 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish
2020-07-03 (current_events.rules)
        2843318 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-07-03 (current_events.rules)
        2843319 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-07-03 (current_events.rules)
        2843320 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-07-03 (current_events.rules)
        2843321 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-07-03 (current_events.rules)
        2843322 - ETPRO CURRENT_EVENTS Successful Posteitaliane Phish
2020-07-03 (current_events.rules)
        2843323 - ETPRO CURRENT_EVENTS Successful Santander Phish
2020-07-03 (current_events.rules)
        2843324 - ETPRO CURRENT_EVENTS Successful Santander Phish
2020-07-03 (current_events.rules)
        2843325 - ETPRO CURRENT_EVENTS Successful Telekom/Tmobile Phish
2020-07-03 (current_events.rules)
        2843326 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2020-07-03
(current_events.rules)
        2843327 - ETPRO TROJAN Win64/TrojanDownloader.Agent.FY CnC Activity
M1 (trojan.rules)
        2843328 - ETPRO TROJAN Win64/TrojanDownloader.Agent.FY CnC Activity
M2 (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team