[Emerging-updates] Subject: Daily Ruleset Update Summary 2020/07/24

Brandon Murphy bmurphy at emergingthreats.net
Fri Jul 24 14:30:38 HDT 2020


[***]            Summary:            [***]

12 new OPEN, 34 new PRO (12 + 22).  Win32/InstallMonster, ZeroShell RCE
Inbound, and VARIOUS PHISH.

Thanks: @tgreen and @401TRG.

Special thank you to Mui, who has worked with ET as an intern over the past
months.  We wish you great success in all you do.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030586 - ET USER_AGENTS Observed Suspicious UA (.NET Framework Client)
(user_agents.rules)
2030587 - ET CURRENT_EVENTS Successful Generic Redeye Phish 2020-07-24
(current_events.rules)
2030588 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External
Server (current_events.rules)
2030589 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal
Server (current_events.rules)
2030590 - ET WEB_CLIENT Generic Webshell Accessed on External Server
(web_client.rules)
2030591 - ET WEB_SERVER Generic Webshell Accessed on Internal Server
(web_server.rules)
2030592 - ET WEB_CLIENT Generic Webshell Password Prompt Accessed on
External Compromised Server (web_client.rules)
2030593 - ET WEB_SERVER Generic Webshell Password Prompt Accessed on
Internal Compromised Server (web_server.rules)
2030594 - ET INFO Generic 302 Redirect to Google (info.rules)
2030595 - ET WEB_CLIENT Generic Website Ransomnote Accessed on External
Compromised Server (web_client.rules)
2030596 - ET WEB_SERVER Generic Website Ransomnote Accessed on Internal
Compromised Server (web_server.rules)
2030597 - ET EXPLOIT [401TRG] ZeroShell RCE Inbound (CVE-2019-12725)
(exploit.rules)

Pro:

2843657 - ETPRO MALWARE Win32/InstallMonster Activity (malware.rules)
2843658 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-24 1) (trojan.rules)
2843659 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-24 2) (trojan.rules)
2843660 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-24 3) (trojan.rules)
2843661 - ETPRO CURRENT_EVENTS Successful Generic 000webhostapp Phish
2020-07-24 (current_events.rules)
2843662 - ETPRO CURRENT_EVENTS Successful Banco de Cordoba Phish 2020-07-24
(current_events.rules)
2843663 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2020-07-24
(current_events.rules)
2843664 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-07-24 (current_events.rules)
2843665 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-07-24 (current_events.rules)
2843666 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-07-24 (current_events.rules)
2843667 - ETPRO CURRENT_EVENTS Successful Banistmo Phish 2020-07-24
(current_events.rules)
2843668 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Refund Phish
2020-07-24 (current_events.rules)
2843669 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-07-24 (current_events.rules)
2843670 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2020-07-24
(current_events.rules)
2843671 - ETPRO POLICY MSRPC Communications Observed M1 (policy.rules)
2843672 - ETPRO POLICY MSRPC Communications Observed M2 (policy.rules)
2843673 - ETPRO GAMES Province Helper Gaming Cheat keys (games.rules)
2843674 - ETPRO TROJAN Win32/Remcos RAT Checkin 502 (trojan.rules)
2843675 - ETPRO TROJAN Win32/Remcos RAT Checkin 503 (trojan.rules)
2843676 - ETPRO TROJAN Win32/Remcos RAT Checkin 504 (trojan.rules)
2843677 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2843678 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)

[///]     Modified active rules:     [///]

2840616 - ETPRO TROJAN DiscordHaxx Token Exfil Attempt via Webhook
(trojan.rules)