[Emerging-updates] Daily Ruleset Update Summary 2020/07/20

Brandon Murphy bmurphy at emergingthreats.net
Mon Jul 20 13:42:44 HDT 2020


[***]            Summary:            [***]

7 new OPEN, 30 new PRO (7 + 23). Win32/Delf.BLL, Win32/RYMChromeExt,
Win32/SecurityXploded.B, Various Phishing

Thanks: @James_inthe_box.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030558 - ET TROJAN Win32/Delf.BLL Variant CnC Activity (Outbound)
(trojan.rules)
2030559 - ET TROJAN Win32/Delf.BLL Variant CnC Activity (Inbound)
(trojan.rules)
2030560 - ET TROJAN Win32/PSW.Agent.OIN CnC Activity (trojan.rules)
2030561 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030562 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030563 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030564 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)

Pro:

2843576 - ETPRO MOBILE_MALWARE Android TouchTong Reporting Phone Number
(mobile_malware.rules)
2843577 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.cs Reporting Geo
Location (mobile_malware.rules)
2843578 - ETPRO MALWARE Win32/RYMChromeExt Activity (malware.rules)
2843579 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-18 1) (trojan.rules)
2843580 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-18 2) (trojan.rules)
2843581 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2020-07-20
(current_events.rules)
2843582 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-07-20
(current_events.rules)
2843583 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-07-20
(current_events.rules)
2843584 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-07-20
(current_events.rules)
2843585 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish
2020-07-20 (current_events.rules)
2843586 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-20
(current_events.rules)
2843587 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-20
(current_events.rules)
2843588 - ETPRO CURRENT_EVENTS Successful Generic PDF Online Phish
2020-07-20 (current_events.rules)
2843589 - ETPRO MALWARE Win32/Caypnamer CnC Activity (malware.rules)
2843590 - ETPRO TROJAN MSIL/Agent.QUI Variant CnC Activity (trojan.rules)
2843591 - ETPRO TROJAN VBS/Dinihou Variant CnC Activity (trojan.rules)
2843592 - ETPRO TROJAN Win32/SecurityXploded.B Variant CnC Exfil
(trojan.rules)
2843593 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-07-20
(current_events.rules)
2843594 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-20
(current_events.rules)
2843595 - ETPRO TROJAN Win32/Remcos RAT Checkin 493 (trojan.rules)
2843596 - ETPRO TROJAN Win32/Remcos RAT Checkin 494 (trojan.rules)
2843597 - ETPRO TROJAN Win32/Remcos RAT Checkin 495 (trojan.rules)
2843598 - ETPRO TROJAN Win32/Remcos RAT Checkin 496 (trojan.rules)

[///]     Modified active rules:     [///]

2022976 - ET TROJAN Cknife Shell Command Struct Inbound (PHP) (trojan.rules)
2022977 - ET TROJAN Cknife Shell Command Struct Inbound (aspx)
(trojan.rules)
2022980 - ET WEB_CLIENT Tech Support Phone Scam Landing 2016-07-21 M1
(web_client.rules)
2022982 - ET TROJAN Evil Monero Cryptocurrency Miner Request Pools
(trojan.rules)
2027899 - ET CURRENT_EVENTS Possible Phishing Landing Obfuscation
2016-03-17 (current_events.rules)
2816849 - ETPRO CURRENT_EVENTS Phishing Landing via Tripod.com (set)
2016-03-31 (current_events.rules)
2820334 - ETPRO POLICY Tripod/Lycos Form Submission - Possible Successful
Phish (policy.rules)
2821184 - ETPRO TROJAN Win32/Injector.DCBB FB Stealer Checkin (trojan.rules)
2821233 - ETPRO CURRENT_EVENTS Webmail Account Upgrade Phishing Landing
2016-07-20 (current_events.rules)
2821334 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FP Checkin
(mobile_malware.rules)
2836280 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-05-10
(current_events.rules)
2842107 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-04-20
(current_events.rules)