[Emerging-updates] Daily Ruleset Update Summary 2020/07/08

James Emery-Callcott jcallcott at emergingthreats.net
Wed Jul 8 13:34:59 HDT 2020


[***]            Summary:            [***]

        2 new OPEN, 40 new PRO (2 + 38).  Win32/SSTS Bot, Remcos, Various Android, Others.

        Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

        2030484 - ET GAMES Dragon Raja Activity (games.rules)
        2030485 - ET TROJAN Hakbit/Thanos Ransomware BMP Download (trojan.rules)

Pro:

        2843388 - ETPRO MOBILE_MALWARE Android Tianjim Checkin (mobile_malware.rules)
        2843389 - ETPRO MOBILE_MALWARE Android JustIllusion Checkin (mobile_malware.rules)
        2843390 - ETPRO MOBILE_MALWARE Android Orzunit Checkin (mobile_malware.rules)
        2843391 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Knobot.pac (DNS Lookup) (mobile_malware.rules)
        2843392 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Knobot.pac (DNS Lookup) 2 (mobile_malware.rules)
        2843393 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.jg Checkin (mobile_malware.rules)
        2843394 - ETPRO MOBILE_MALWARE Android FunnyColor Checkin (mobile_malware.rules)
        2843395 - ETPRO MOBILE_MALWARE Android/FakeApp.LG Checkin (mobile_malware.rules)
        2843396 - ETPRO MOBILE_MALWARE Android/Jocker.bf13ce8a Checkin (mobile_malware.rules)
        2843397 - ETPRO MOBILE_MALWARE Android ParaDream Checkin (mobile_malware.rules)
        2843398 - ETPRO MOBILE_MALWARE Android/Hiddad.AAJ Checkin (mobile_malware.rules)
        2843399 - ETPRO MOBILE_MALWARE Android.HiddenAd.gk Checkin (mobile_malware.rules)
        2843400 - ETPRO MOBILE_MALWARE Dropper.Agent.Android.65271 CnC Beacon (mobile_malware.rules)
        2843401 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.vm Checkin (mobile_malware.rules)
        2843402 - ETPRO MOBILE_MALWARE Android Dropper GorpoNaut Checkin (mobile_malware.rules)
        2843403 - ETPRO TROJAN Win32/SSTS Bot CnC Checkin (trojan.rules)
        2843404 - ETPRO TROJAN Win32/SSTS Bot CnC Requesting Commands (trojan.rules)
        2843405 - ETPRO TROJAN Win32/SSTS Bot CnC System Info Exfil (trojan.rules)
        2843406 - ETPRO TROJAN PyEXE/Spy.Agent.BR CnC Activity (trojan.rules)
        2843407 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-08 1) (trojan.rules)
        2843408 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-08 2) (trojan.rules)
        2843409 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-07-08 (current_events.rules)
        2843410 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-07-08 (current_events.rules)
        2843411 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-07-08 (current_events.rules)
        2843412 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-07-08 (current_events.rules)
        2843413 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-07-08 (current_events.rules)
        2843414 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-08 (current_events.rules)
        2843415 - ETPRO CURRENT_EVENTS Successful Banca en Linea Phish 2020-07-08 (current_events.rules)
        2843416 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress Phish 2020-07-08 (current_events.rules)
        2843417 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-08 (current_events.rules)
        2843418 - ETPRO CURRENT_EVENTS Successful Microsoft Docs Phish 2020-07-08 (current_events.rules)
        2843419 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-08 (current_events.rules)
        2843420 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-08 (current_events.rules)
        2843421 - ETPRO TROJAN MSIL/Agent.BTK CnC Activity (trojan.rules)
        2843422 - ETPRO TROJAN Win32/Remcos RAT Checkin 475 (trojan.rules)
        2843423 - ETPRO TROJAN Win32/Remcos RAT Checkin 476 (trojan.rules)
        2843424 - ETPRO TROJAN Win32/Remcos RAT Checkin 477 (trojan.rules)
        2843425 - ETPRO CURRENT_EVENTS Successful Microsoft Credential Phish 2020-07-08 (current_events.rules)

[///]     Modified active rules:     [///]

        2030156 - ET TROJAN Hakbit/Thanos Ransomware Exfil via FTP (trojan.rules)
        2834630 - ETPRO INFO Likely Scam Callback Domain M1 (info.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team