[Emerging-updates] Daily Ruleset Update Summary 2020/07/14

Jason Williams jwilliams at emergingthreats.net
Tue Jul 14 14:21:33 HDT 2020


[***]            Summary:            [***]

    15 new OPEN, 35 new PRO (15 + 20). Supercharge, Sneepy.A, CVE-2020-1350, Various Phish, Suri 5 Updates.

    Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2030503 - ET EXPLOIT AVTECH Authenticated Command Injection in CloudSetup.cgi (Outbound) (exploit.rules)
  2030504 - ET POLICY HTTP POST to MEGA Userstorage (policy.rules)
  2030505 - ET INFO Possible Malicious Document Request to NOIP DynDNS Domain (info.rules)
  2030506 - ET INFO Possible Malicious Document Request to NOIP DynDNS Domain (info.rules)
  2030507 - ET INFO Possible Malicious Document Request to ChangeIP Dynamic DNS Domain (info.rules)
  2030508 - ET INFO Possible Malicious Document Request to ChangeIP Dynamic DNS Domain (info.rules)
  2030509 - ET INFO Possible Malicious Document Request to Afraid.org Top 100 Dynamic DNS Domain (info.rules)
  2030510 - ET INFO Possible Malicious Document Request to Afraid.org Top 100 Dynamic DNS Domain (info.rules)
  2030511 - ET INFO Possible Malicious Document Request to Hostinger Domains (info.rules)
  2030512 - ET INFO Possible Malicious Document Request to Hostinger Domains (info.rules)
  2030513 - ET INFO Possible Malicious Document Request to .tk domain (info.rules)
  2030514 - ET INFO Possible Malicious Document Request to .tk domain (info.rules)
  2030515 - ET TROJAN ZoomInfo Contact Contributor Install (trojan.rules)
  2030516 - ET TROJAN Supercharge Component Download (ps1) (trojan.rules)
  2030517 - ET TROJAN Supercharge Component Download (exe) (trojan.rules)

 Pro:

  2843505 - ETPRO TROJAN Observed DNS Query to ELF/Various Mirai Variant CnC Domain (trojan.rules)
  2843506 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2020-07-14 (current_events.rules)
  2843507 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-07-14 (current_events.rules)
  2843508 - ETPRO CURRENT_EVENTS Successful Generic Update Account Phish 2020-07-14 (current_events.rules)
  2843509 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-07-14 (current_events.rules)
  2843510 - ETPRO CURRENT_EVENTS Successful University of Alberta Phish 2018-04-06 (current_events.rules)
  2843511 - ETPRO CURRENT_EVENTS Successful Texas State University Phish 2020-07-14 (current_events.rules)
  2843512 - ETPRO CURRENT_EVENTS Successful Bowling Green State University Phish 2020-07-14 (current_events.rules)
  2843513 - ETPRO TROJAN MSIL/Pterodo.GY CnC Host Checkin (trojan.rules)
  2843514 - ETPRO TROJAN MSIL/Pterodo.GY CnC Ping Activity (trojan.rules)
  2843515 - ETPRO TROJAN Win32/Kryptik.HEUJ Variant Connectivity Check (trojan.rules)
  2843525 - ETPRO EXPLOIT Possible Windows DNS Integer Overflow Attempt M1 (CVE-2020-1350) (exploit.rules)
  2843526 - ETPRO EXPLOIT Possible Windows DNS Integer Overflow Attempt M2 (CVE-2020-1350) (exploit.rules)
  2843518 - ETPRO INFO HTTP POST Request to DuckDNS Domain (info.rules)
  2843519 - ETPRO TROJAN Win32/Sneepy.A CnC Activity (trojan.rules)
  2843520 - ETPRO TROJAN Win32/Remcos RAT Checkin 484 (trojan.rules)
  2843521 - ETPRO TROJAN Win32/Remcos RAT Checkin 485 (trojan.rules)
  2843522 - ETPRO TROJAN Win32/Remcos RAT Checkin 486 (trojan.rules)
  2843523 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2020-07-14 (current_events.rules)
  2843524 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-14 (current_events.rules)

 [///]     Modified active rules:     [///]

  2017371 - ET TROJAN Win32/Neurevt.A/Betabot checkin (trojan.rules)
  2021730 - ET TROJAN Joanap CnC Checkin (trojan.rules)
  2022594 - ET TROJAN Possible Godzilla Loader Base64 Filename (trojan.rules)
  2022844 - ET TROJAN Ransomware Locky CnC Beacon 4 21 May (trojan.rules)
  2022845 - ET TROJAN Criptobit/Mobef Ransomware Checkin (trojan.rules)
  2022846 - ET WEB_SERVER Possible CVE-2016-5118 Exploit SVG attempt M1 (web_server.rules)
  2022847 - ET WEB_SERVER Possible CVE-2016-5118 Exploit SVG attempt M2 (web_server.rules)
  2022862 - ET TROJAN FastPOS Initial Checkin (trojan.rules)
  2022863 - ET TROJAN FastPOS Version Checkin (trojan.rules)
  2022864 - ET TROJAN FastPOS Sending Status Logs (trojan.rules)
  2022865 - ET TROJAN FastPOS Software Update Request (trojan.rules)
  2022866 - ET TROJAN FastPOS Reporting Error Code (trojan.rules)
  2022867 - ET TROJAN FastPOS Successful Software Update Request (trojan.rules)
  2022871 - ET TROJAN FastPOS Sending Keystrokes (trojan.rules)
  2022872 - ET TROJAN FastPOS RAM Scraper Sending Details (trojan.rules)
  2022875 - ET TROJAN BandarChor/CryptON Ransomware Checkin (trojan.rules)
  2022881 - ET TROJAN Qarallax RAT Downloading Modules (trojan.rules)
  2022884 - ET CURRENT_EVENTS SUSPICIOUS EXE Download from specific file share site (used in recent maldoc campaign) (current_events.rules)
  2022889 - ET TROJAN Bolek HTTP Checkin (trojan.rules)
  2028919 - ET TROJAN Patchwork APT CnC Beacon 2 (trojan.rules)
  2807428 - ETPRO TROJAN Win32/Neurevt.A/Betabot Checkin 2 (trojan.rules)
  2809670 - ETPRO TROJAN Win32/Neurevt.B/Betabot Trojan Checkin via HTTP POST (trojan.rules)
  2816562 - ETPRO TROJAN Danti Variant CnC Beacon (trojan.rules)
  2816589 - ETPRO TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M1 (trojan.rules)
  2816590 - ETPRO TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M2 (trojan.rules)
  2816591 - ETPRO TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M3 b64 1 (trojan.rules)
  2816592 - ETPRO TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M3 b64 2 (trojan.rules)
  2816593 - ETPRO TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M3 b64 3 (trojan.rules)
  2820319 - ETPRO TROJAN Win32/Bafruz.L Activity (trojan.rules)
  2820320 - ETPRO TROJAN Win32/Nitedrem.E CnC 2 (trojan.rules)
  2820321 - ETPRO TROJAN Cript 1.0 Ransomware Encrypt Job Complete (trojan.rules)
  2820323 - ETPRO TROJAN MSIL/SilentShade Ransomware CnC Checkin (trojan.rules)
  2820324 - ETPRO TROJAN MSIL/SilentShade Ransomware CnC Checkin 2 (trojan.rules)
  2820329 - ETPRO CURRENT_EVENTS Successful Citizenbank Phish 2016-05-24 M1 (current_events.rules)
  2820330 - ETPRO CURRENT_EVENTS Successful Citizenbank Phish 2016-05-24 M2 (current_events.rules)
  2820354 - ETPRO CURRENT_EVENTS Suspicious File Download Post-Phishing 2016-05-25 (current_events.rules)
  2820357 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Triada.g Checkin (mobile_malware.rules)
  2820367 - ETPRO TROJAN Win32/Agiala Checkin (trojan.rules)
  2820373 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2016-05-26 (current_events.rules)
  2820393 - ETPRO POLICY Remote Access User-Agent (RMS) (policy.rules)
  2820399 - ETPRO TROJAN Win32/Fibot.A CnC Checkin (trojan.rules)
  2820402 - ETPRO TROJAN Ransomware/Cerber Onion Checkin (trojan.rules)
  2820403 - ETPRO EXPLOIT Oracle ATS Arbitrary File Upload (CVE-2016-0491) (exploit.rules)
  2820450 - ETPRO CURRENT_EVENTS Avast Phishing Landing 2016-06-02 (current_events.rules)
  2820466 - ETPRO CURRENT_EVENTS Generic Email Login Phishing Landing 2016-06-02 (current_events.rules)
  2820470 - ETPRO TROJAN Targeted AutoIt FileStealer/Downloader CnC Beacon 1 (trojan.rules)
  2820472 - ETPRO TROJAN Targeted AutoIt FileStealer/Downloader CnC Beacon 3 (trojan.rules)
  2820515 - ETPRO TROJAN Fleercivet Clickfraud Activity (set) (trojan.rules)
  2820516 - ETPRO TROJAN Fleercivet Clickfraud Activity (trojan.rules)
  2820517 - ETPRO TROJAN Win32/ExtenBro.ACE Activity (trojan.rules)
  2820527 - ETPRO TROJAN Win32/Remote Keylogger Asset Download Request (trojan.rules)
  2820530 - ETPRO CURRENT_EVENTS DrSpam Phishing Landing 2016-06-08 (current_events.rules)
  2820531 - ETPRO CURRENT_EVENTS DrSpam Phishing Landing CSS 2016-06-08 (current_events.rules)
  2820532 - ETPRO CURRENT_EVENTS Successful DrSpam Phish 2016-06-08 M1 (current_events.rules)
  2820533 - ETPRO CURRENT_EVENTS Successful DrSpam Phish 2016-06-08 M2 (current_events.rules)
  2820550 - ETPRO TROJAN APT28 XAgent User-Agent (trojan.rules)
  2820558 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2016-06-09 M1 (current_events.rules)
  2820559 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2016-06-09 M2 (current_events.rules)
  2820565 - ETPRO TROJAN Win32/Zeprox.B Checkin Response (trojan.rules)
  2820580 - ETPRO TROJAN Inexsmar/Darkhotel/Dubnium Stage 1 CnC Beacon (trojan.rules)
  2839152 - ETPRO TROJAN Patchwork APT CnC Beacon 4 (trojan.rules)
  2843487 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2020-07-13 (current_events.rules)