[Emerging-updates] Daily Ruleset Update Summary 2020/07/10

James Emery-Callcott jcallcott at emergingthreats.net
Fri Jul 10 13:16:31 HDT 2020


[***]            Summary:            [***]

        5 new OPEN, 33 new PRO (5 + 28).  CVE-2020-1300, Win32/Elysium,
AsyncRAT, Various Others.

        Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

        2030492 - ET USER_AGENTS Observed Suspicious UA (grab)
(user_agents.rules)
        2030493 - ET EXPLOIT Potentially Malicious .cab Inbound
(CVE-2020-1300) (exploit.rules)
        2030494 - ET TROJAN FRAT Downloader Activity (trojan.rules)
        2030495 - ET TROJAN FRAT Downloader Error Report POST (trojan.rules)
        2030496 - ET TROJAN Gafgyt vbot Variant CnC (trojan.rules)

Pro:

        2843444 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.cf /
Anubis Checkin (mobile_malware.rules)
        2843445 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.cf /
Anubis Checkin 2 (mobile_malware.rules)
        2843446 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.cf /
Anubis Checkin 3 (mobile_malware.rules)
        2843447 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.ck Checkin
(mobile_malware.rules)
        2843448 - ETPRO TROJAN Win32/Elysium Stealer CnC Exfil
(trojan.rules)
        2843449 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
        2843450 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
        2843451 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
        2843452 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
        2843453 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-10 1) (trojan.rules)
        2843454 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-10 2) (trojan.rules)
        2843455 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-07-10 (current_events.rules)
        2843456 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-07-10 (current_events.rules)
        2843457 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-07-10
(current_events.rules)
        2843458 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-10
(current_events.rules)
        2843459 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-07-10 (current_events.rules)
        2843460 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-10
(current_events.rules)
        2843461 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-10
(current_events.rules)
        2843462 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2020-07-10 (current_events.rules)
        2843463 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2020-07-10 (current_events.rules)
        2843464 - ETPRO CURRENT_EVENTS Successful Generic University Phish
2020-07-10 (current_events.rules)
        2843465 - ETPRO CURRENT_EVENTS Successful Generic Update Account
Phish 2020-07-10 (current_events.rules)
        2843466 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2020-07-10 (current_events.rules)
        2843467 - ETPRO TROJAN MSIL/Spy.Keylogger.AVQ Variant Checkin via
Discord (trojan.rules)
        2843468 - ETPRO TROJAN Win32/Remcos RAT Checkin 478 (trojan.rules)
        2843469 - ETPRO TROJAN Win32/Remcos RAT Checkin 479 (trojan.rules)
        2843470 - ETPRO TROJAN Win32/Remcos RAT Checkin 480 (trojan.rules)
        2843471 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

        2022815 - ET POLICY Possible SQLi Attempt in User Agent (Outbound)
(policy.rules)
        2025676 - ET CURRENT_EVENTS Mailbox Update Phishing Landing M2
2016-05-16 (current_events.rules)
        2025677 - ET CURRENT_EVENTS Mailbox Update Phishing Landing M1
2016-05-16 (current_events.rules)
        2816218 - ETPRO TROJAN Loxes CnC Beacon (trojan.rules)
        2820116 - ETPRO EXPLOIT Windows Media Center RCE Inbound Payload
(CVE-2016-0185) (exploit.rules)
        2820180 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.by
Checkin (mobile_malware.rules)
        2820182 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ic
Checkin (mobile_malware.rules)
        2820194 - ETPRO EXPLOIT Novell ServiceDesk Authenticated File
Upload (CVE-2016-1593) (exploit.rules)
        2820195 - ETPRO EXPLOIT Novell ServiceDesk Authenticated Remote
Code Execution (CVE-2016-1593) (exploit.rules)
        2820196 - ETPRO TROJAN Unknown Likely APT CnC Beacon M1
(trojan.rules)
        2820197 - ETPRO TROJAN Unknown Likely APT CnC Beacon M2
(trojan.rules)
        2820205 - ETPRO TROJAN W32/Saber Checkin (trojan.rules)
        2820213 - ETPRO CURRENT_EVENTS Hunter EK Flash Exploit URI Struct
(current_events.rules)
        2820214 - ETPRO TROJAN W32/Banload.BDN Variant Checkin
(trojan.rules)
        2820235 - ETPRO TROJAN Trojan.Adkor Checkin (trojan.rules)
        2820253 - ETPRO TROJAN Unknown Python RAT Checkin (trojan.rules)
        2820254 - ETPRO TROJAN Unknown Python RAT Keepalive (trojan.rules)
        2820256 - ETPRO TROJAN Win32.Troj.Cidox Checkin 2 (trojan.rules)
        2820257 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Balsec.a
Downloading APK (mobile_malware.rules)
        2820258 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Balsec.a
Downloading Config (mobile_malware.rules)
        2820259 - ETPRO TROJAN Ursnif Inject CnC Request 4 (trojan.rules)
        2820313 - ETPRO TROJAN Cript 1.0 Ransomware Installed (trojan.rules)
        2820314 - ETPRO TROJAN Cript 1.0 Ransomware Disk Checkin
(trojan.rules)
        2820315 - ETPRO TROJAN Cript 1.0 Ransomware File Checkin
(trojan.rules)
        2836129 - ETPRO TROJAN Observed Malicious SSL Cert (Possible
Patchwork CnC) (trojan.rules)

[---]         Removed rules:         [---]

        2843441 - ETPRO TROJAN FRAT Downloader Activity (trojan.rules)
        2843442 - ETPRO TROJAN FRAT Downloader Error Report POST
(trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
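The count line at the top of these summaries ("5 new OPEN, 33 new PRO (5 + 28)") and the Removed/Added lists are easy to check mechanically, and the Removed list often encodes a rule moving from Pro to Open under a new sid, as with the two FRAT Downloader rules in this update. The script below is an added example, not Emerging Threats code and not part of the original message: it parses a trimmed, constructed copy of this summary (the count line adjusted to the trimmed list), verifies the count line against the entries, checks that Open entries carry the ET prefix and Pro entries ETPRO, and pairs each removed sid with a re-added rule carrying the same category and message. It relies on the section markers and line wrapping seen in this post; other days' summaries are assumed to use the same layout.

```python
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the 2020/07/10 summary (the five Open rules,
# two Pro rules and the two removed rules), count line adjusted to the trimmed list.
SAMPLE = """\
[***]            Summary:            [***]
        5 new OPEN, 7 new PRO (5 + 2).  CVE-2020-1300, Win32/Elysium,
AsyncRAT, Various Others.

[+++]          Added rules:          [+++]

Open:
        2030492 - ET USER_AGENTS Observed Suspicious UA (grab)
(user_agents.rules)
        2030493 - ET EXPLOIT Potentially Malicious .cab Inbound
(CVE-2020-1300) (exploit.rules)
        2030494 - ET TROJAN FRAT Downloader Activity (trojan.rules)
        2030495 - ET TROJAN FRAT Downloader Error Report POST (trojan.rules)
        2030496 - ET TROJAN Gafgyt vbot Variant CnC (trojan.rules)

Pro:
        2843448 - ETPRO TROJAN Win32/Elysium Stealer CnC Exfil
(trojan.rules)
        2843449 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)

[---]         Removed rules:         [---]

        2843441 - ETPRO TROJAN FRAT Downloader Activity (trojan.rules)
        2843442 - ETPRO TROJAN FRAT Downloader Error Report POST
(trojan.rules)
"""

ENTRY_RE = re.compile(r"^\s*(\d{7}) - (ET|ETPRO) ([A-Z_]+) (.*)$")
FILE_RE = re.compile(r"\s*\(([a-z_]+\.rules)\)\s*$")
COUNT_RE = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
SECTIONS = {"[+++]": "added", "[///]": "modified", "[---]": "removed"}

@dataclass
class Rule:
    sid: int
    prefix: str      # "ET" (open) or "ETPRO" (pro-only)
    category: str    # TROJAN, EXPLOIT, CURRENT_EVENTS, ...
    msg: str         # message text without prefix, category and rules file
    rules_file: str  # trojan.rules, exploit.rules, ...

def parse_summary(text):
    """Return {'counts': (open, pro, pro_open, pro_only), 'added': {'Open','Pro'}, 'modified', 'removed'}."""
    result = {"counts": None, "added": {"Open": [], "Pro": []}, "modified": [], "removed": []}
    section, sub, current = None, None, None

    def flush():  # finish the entry being accumulated (messages wrap across lines)
        nonlocal current
        if current is not None:
            sid, prefix, category, rest = current
            m = FILE_RE.search(rest)
            rule = Rule(int(sid), prefix, category, FILE_RE.sub("", rest).strip(), m.group(1) if m else "")
            if section == "added":
                result["added"][sub or "Open"].append(rule)
            elif section in ("modified", "removed"):
                result[section].append(rule)
            current = None

    for line in text.splitlines():
        stripped = line.strip()
        m = COUNT_RE.search(stripped)
        if m and result["counts"] is None:
            result["counts"] = tuple(int(x) for x in m.groups())
        elif stripped[:5] in SECTIONS:
            flush()
            section, sub = SECTIONS[stripped[:5]], None
        elif stripped in ("Open:", "Pro:"):
            flush()
            sub = stripped[:-1]
        elif ENTRY_RE.match(line):
            flush()
            current = list(ENTRY_RE.match(line).groups())
        elif current is not None and stripped:
            current[3] += " " + stripped  # continuation of a wrapped message
    flush()
    return result

def check_summary(parsed):
    """Return findings (empty = consistent): count line vs entries, and Open/Pro prefix agreement."""
    findings = []
    n_open, n_pro, pro_open, pro_only = parsed["counts"]
    opens, pros = parsed["added"]["Open"], parsed["added"]["Pro"]
    if n_open != len(opens) or pro_open != n_open:
        findings.append(f"OPEN count {n_open} vs {len(opens)} Open entries")
    if pro_only != len(pros) or n_pro != pro_open + pro_only:
        findings.append(f"PRO count {n_pro} ({pro_open} + {pro_only}) vs {len(pros)} Pro entries")
    findings += [f"{r.sid} under Open but prefixed {r.prefix}" for r in opens if r.prefix != "ET"]
    findings += [f"{r.sid} under Pro but prefixed {r.prefix}" for r in pros if r.prefix != "ETPRO"]
    return findings

def moved_rules(parsed):
    """Map removed sid -> newly added sid with the same category and message (e.g. a Pro->Open move)."""
    added = {(r.category, r.msg): r.sid for r in parsed["added"]["Open"] + parsed["added"]["Pro"]}
    return {r.sid: added[(r.category, r.msg)] for r in parsed["removed"] if (r.category, r.msg) in added}
```

Run against the full post body, the checks pass for this update (5 Open, 28 Pro, and the two FRAT Downloader sids 2843441/2843442 map onto the new open sids 2030494/2030495), which is the kind of Pro-to-Open move worth noticing before updating local suppressions or thresholds keyed on the old sid.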