[Emerging-updates] Daily Ruleset Update Summary 2020/07/09

James Emery-Callcott jcallcott at emergingthreats.net
Thu Jul 9 13:55:35 HDT 2020


[***]            Summary:            [***]

        6 new OPEN, 24 new PRO (6 + 18).  FRAT, SpyGate, Mirai, Various Others.

        Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

        2030486 - ET TROJAN Observed Malicious SSL Cert (Zloader CnC) (trojan.rules)
        2030487 - ET EXPLOIT Attempted HiSilicon DVR/NVR/IPCam RCE (Inbound) (exploit.rules)
        2030488 - ET EXPLOIT Attempted HiSilicon DVR/NVR/IPCam RCE (Outbound) (exploit.rules)
        2030489 - ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response (trojan.rules)
        2030490 - ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) (trojan.rules)
        2030491 - ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) (trojan.rules)

Pro:

        2843426 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.PDAK-6 Checkin (mobile_malware.rules)
        2843427 - ETPRO TROJAN MSIL/Unk.SpyGate Retrieving Config (trojan.rules)
        2843428 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
        2843430 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-09 1) (trojan.rules)
        2843432 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-07-09 (current_events.rules)
        2843433 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-07-09 (current_events.rules)
        2843434 - ETPRO CURRENT_EVENTS Successful Reserve Bank of India Phish 2020-07-09 (current_events.rules)
        2843435 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-07-09 (current_events.rules)
        2843437 - ETPRO CURRENT_EVENTS Successful Delta Community Credit Union Phish 2020-07-09 (current_events.rules)
        2843438 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-07-09 (current_events.rules)
        2843439 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-07-09 (current_events.rules)
        2843440 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-09 (current_events.rules)
        2843441 - ETPRO TROJAN FRAT Downloader Activity (trojan.rules)
        2843442 - ETPRO TROJAN FRAT Downloader Error Report POST (trojan.rules)
        2843443 - ETPRO TROJAN DownloaderWINHTTP Downloader Activity (trojan.rules)

[///]     Modified active rules:     [///]

        2026040 - ET TROJAN CobaltStrike DNS Beacon Response (trojan.rules)
        2030378 - ET TROJAN Patchwork Staging Domain in DNS Query (trojan.rules)
        2841368 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M11 (current_events.rules)
        2841463 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
        2841464 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
        2841465 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
        2841466 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 (current_events.rules)
        2841467 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
        2841468 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
        2841469 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
        2841470 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
        2841471 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
        2841486 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-12 (current_events.rules)

[---]         Removed rules:         [---]

        2841360 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M3 (current_events.rules)
        2841361 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M4 (current_events.rules)
        2841362 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M5 (current_events.rules)
        2841363 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M6 (current_events.rules)
        2841364 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M7 (current_events.rules)
        2841365 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M8 (current_events.rules)
        2841366 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M9 (current_events.rules)
        2841367 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M10 (current_events.rules)
        2841472 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
        2841487 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-12 (current_events.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team