[Emerging-updates] Daily Ruleset Update Summary 2020/07/06

James Emery-Callcott jcallcott at emergingthreats.net
Mon Jul 6 13:42:30 HDT 2020


[***]            Summary:            [***]

        5 new OPEN, 26 new PRO (5 + 21).  Win32/Echmark, Remcos, Mirai,
Various Phish, Others.

        Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

        2030470 - ET SCAN ELF/Mirai Variant User-Agent (Inbound)
(scan.rules)
        2030471 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound)
(trojan.rules)
        2030472 - ET WEB_CLIENT Generic Mailer Accessed on External Server
(web_client.rules)
        2030473 - ET WEB_SERVER Generic Mailer Accessed on Internal Server
(web_server.rules)
        2030474 - ET POLICY CommandCam Download (policy.rules)

Pro:

        2843329 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.y
CnC Beacon (mobile_malware.rules)
        2843330 - ETPRO TROJAN Observed Malicious SSL Cert (BR.SpyBanker
CnC) (trojan.rules)
        2843331 - ETPRO TROJAN Win32/ASteal CnC Exfil (trojan.rules)
        2843332 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2020-07-06
(current_events.rules)
        2843333 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Refund Phish
2020-07-06 (current_events.rules)
        2843334 - ETPRO CURRENT_EVENTS Successful Bitcoin Wallet Phish
2020-07-06 (current_events.rules)
        2843335 - ETPRO TROJAN W32/Unk.VT CnC Host Checkin (trojan.rules)
        2843336 - ETPRO TROJAN W32/Echmark CnC Host Checkin (trojan.rules)
        2843337 - ETPRO TROJAN W32/Echmark CnC Host Checkin 2 (trojan.rules)
        2843338 - ETPRO TROJAN W32/Echmark CnC Request (trojan.rules)
        2843339 - ETPRO TROJAN W32/Echmark CnC Response (trojan.rules)
        2843340 - ETPRO TROJAN W32/Echmark CnC Exfil Activity (trojan.rules)
        2843341 - ETPRO TROJAN Win32/Agent.TQJ Variant CnC Host Checkin
(trojan.rules)
        2843342 - ETPRO CURRENT_EVENTS Successful Generic Email Account
Verification Phish 2020-07-06 (current_events.rules)
        2843343 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-07-06
(current_events.rules)
        2843344 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-07-06 (current_events.rules)
        2843347 - ETPRO MALWARE Win32/Remcos RAT Checkin 475 (malware.rules)
        2843348 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
        2843349 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

        2030329 - ET WEB_CLIENT Generic Mailer Accessed on Internal Server
(web_client.rules)
        2030469 - ET EXPLOIT F5 TMUI RCE vulnerability CVE-2020-5902
Attempt (exploit.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team