[Emerging-updates] Daily Ruleset Update Summary 2020/07/27

Jack Mott jmott at emergingthreats.net
Mon Jul 27 14:12:25 HDT 2020


 [***]            Summary:            [***]

3 new OPEN, 29 new PRO (3 + 26). IP Grabber, Suspicious Bitly
Redirects, Win32/Spy.Agent.PYU, MassLogger, Various DonotGroup, VARIOUS
PHISHING.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030598 - ET USER_AGENTS Observed Suspicious UA (cctv.mtv)
(user_agents.rules)
  2030599 - ET TROJAN IP Grabber CnC Activity (trojan.rules)
  2030600 - ET USER_AGENTS Suspicious User-Agent (cso) (user_agents.rules)

Pro:

  2843679 - ETPRO CURRENT_EVENTS Suspicious Bitly Redirect to .dat
(current_events.rules)
  2843680 - ETPRO CURRENT_EVENTS Suspicious Bitly Redirect to .exe
(current_events.rules)
  2843681 - ETPRO CURRENT_EVENTS Suspicious Bitly Redirect to .dll
(current_events.rules)
  2843682 - ETPRO CURRENT_EVENTS Suspicious Bitly Redirect to .ps1
(current_events.rules)
  2843683 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2020-07-27
(current_events.rules)
  2843684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-25 1) (trojan.rules)
  2843685 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-25 2) (trojan.rules)
  2843686 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-07-27
(current_events.rules)
  2843687 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-27
(current_events.rules)
  2843688 - ETPRO CURRENT_EVENTS Successful Idaho Central Credit Union
Phish 2020-07-27 (current_events.rules)
  2843689 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-07-27
(current_events.rules)
  2843690 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-07-27
(current_events.rules)
  2843691 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-27
(current_events.rules)
  2843692 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-27
(current_events.rules)
  2843693 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-27
(current_events.rules)
  2843694 - ETPRO CURRENT_EVENTS Successful Immowelt DE Phish 2020-07-27
(current_events.rules)
  2843695 - ETPRO TROJAN Win32/Downloader Loru (trojan.rules)
  2843696 - ETPRO CURRENT_EVENTS Successful Generic Webmail Appspot Hosted
Phish 2020-07-27 (current_events.rules)
  2843697 - ETPRO TROJAN Win32/Spy.Agent.PYU Variant CnC Exfil
(trojan.rules)
  2843698 - ETPRO TROJAN DonotGroup Staging Domain in DNS Query
(trojan.rules)
  2843699 - ETPRO TROJAN DonotGroup CnC Domain in DNS Query (trojan.rules)
  2843700 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2843701 - ETPRO TROJAN DonotGroup Stage 1 CnC Checkin (trojan.rules)
  2843702 - ETPRO TROJAN MassLogger Client Data Exfil SMTP (trojan.rules)
  2843703 - ETPRO TROJAN Win32/Remcos RAT Checkin 505 (trojan.rules)
  2843704 - ETPRO CURRENT_EVENTS Generic Credential Phish 2020-07-27 (set)
(current_events.rules)

[///]     Modified active rules:     [///]

  2010794 - ET WEB_SERVER DFind w00tw00t GET-Requests (web_server.rules)
  2013352 - ET TROJAN Executable Download Purporting to be JavaScript
likely 2nd stage Infection (trojan.rules)
  2018393 - ET TROJAN Plasmabot CnC Host Checkin (trojan.rules)
  2021813 - ET TROJAN Ursnif Variant CnC Beacon (trojan.rules)
  2022873 - ET TROJAN Win32/DMA Locker CnC Checkin (trojan.rules)
  2023033 - ET TROJAN Win32/Radonskra.B C2 Check-in (trojan.rules)
  2023035 - ET TROJAN Linux/Lady CnC Beacon 2 (trojan.rules)
  2023055 - ET WEB_CLIENT Tech Support Phone Scam Landing (err.mp3)
2016-08-12 (web_client.rules)
  2023056 - ET WEB_CLIENT Tech Support Phone Scam Landing (msg.mp3)
2016-08-12 (web_client.rules)
  2023057 - ET WEB_CLIENT Tech Support Phone Scam Landing M1 2016-08-12
(web_client.rules)
  2023058 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 2016-08-12
(web_client.rules)
  2023062 - ET CURRENT_EVENTS Email Storage Upgrade Phishing Landing
2016-08-15 (current_events.rules)
  2023065 - ET CURRENT_EVENTS Possible Square Enix Phishing Domain
2016-08-15 (current_events.rules)
  2023067 - ET INFO Symantec Download Flowbit Set (info.rules)
  2023073 - ET CURRENT_EVENTS Netflix Phishing Landing 2016-08-17
(current_events.rules)
  2023076 - ET TROJAN Aveo Checkin (trojan.rules)
  2023077 - ET TROJAN Aveo C2 Response (trojan.rules)
  2023078 - ET TROJAN Aveo C2 Request (trojan.rules)
  2023082 - ET TROJAN Curso Banker Downloading Modules (trojan.rules)
  2023131 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 1
(trojan.rules)
  2023132 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 2
(trojan.rules)
  2023134 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 4
(trojan.rules)
  2023136 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 5
(trojan.rules)
  2023139 - ET INFO Form Data Submitted to yolasite.com - Possible Phishing
(info.rules)
  2023146 - ET CURRENT_EVENTS CVE-2014-6332 Sep 01 2016 (HFS Actor) M2
(current_events.rules)
  2023155 - ET TROJAN Linux/LuaBot CnC Beacon (trojan.rules)
  2023182 - ET TROJAN OSX/Mokes.A CnC Heartbeat Request (set) (trojan.rules)
  2023204 - ET TROJAN Quant Loader Download Response (trojan.rules)
  2023235 - ET WEB_CLIENT Microsoft Tech Support Scam M1 2016-09-15
(web_client.rules)
  2023236 - ET WEB_CLIENT Microsoft Tech Support Scam M2 2016-09-15
(web_client.rules)
  2023292 - ET TROJAN Win32.Pony Variant FOX Checkin (trojan.rules)
  2024230 - ET CURRENT_EVENTS iCloud Phishing Landing 2016-09-02
(current_events.rules)
  2025003 - ET CURRENT_EVENTS Successful TeamIPwned Phish 2016-08-30
(current_events.rules)
  2025630 - ET CURRENT_EVENTS Successful Generic Phish 2018-06-27 (set)
(current_events.rules)
  2025659 - ET INFO Suspicious Dropbox Page - Possible Phishing Landing
(info.rules)
  2025669 - ET INFO Suspicious Google Docs Page - Possible Phishing Landing
(info.rules)
  2025670 - ET CURRENT_EVENTS Wells Fargo Mobile Phishing Landing
2016-08-01 (current_events.rules)
  2025673 - ET CURRENT_EVENTS Possible Office 365 Phishing Landing
2016-08-24 (current_events.rules)
  2025684 - ET CURRENT_EVENTS Google Drive Phish Landing 2016-09-01
(current_events.rules)
  2030063 - ET WEB_CLIENT Generic Mailer Check Accessed on External Server
(web_client.rules)
  2525000 - ET 3CORESec Poor Reputation IP group 1 (3coresec.rules)
  2525001 - ET 3CORESec Poor Reputation IP group 2 (3coresec.rules)
  2525002 - ET 3CORESec Poor Reputation IP group 3 (3coresec.rules)
  2525003 - ET 3CORESec Poor Reputation IP group 4 (3coresec.rules)
  2525004 - ET 3CORESec Poor Reputation IP group 5 (3coresec.rules)
  2525005 - ET 3CORESec Poor Reputation IP group 6 (3coresec.rules)
  2525006 - ET 3CORESec Poor Reputation IP group 7 (3coresec.rules)
  2525007 - ET 3CORESec Poor Reputation IP group 8 (3coresec.rules)
  2525008 - ET 3CORESec Poor Reputation IP group 9 (3coresec.rules)
  2525009 - ET 3CORESec Poor Reputation IP group 10 (3coresec.rules)
  2525010 - ET 3CORESec Poor Reputation IP group 11 (3coresec.rules)
  2525011 - ET 3CORESec Poor Reputation IP group 12 (3coresec.rules)
  2525012 - ET 3CORESec Poor Reputation IP group 13 (3coresec.rules)
  2525013 - ET 3CORESec Poor Reputation IP group 14 (3coresec.rules)
  2525014 - ET 3CORESec Poor Reputation IP group 15 (3coresec.rules)
  2525015 - ET 3CORESec Poor Reputation IP group 16 (3coresec.rules)
  2525016 - ET 3CORESec Poor Reputation IP group 17 (3coresec.rules)
  2809355 - ETPRO TROJAN Backdoor.Win32.Speccom.A Checkin (trojan.rules)
  2810366 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check
(trojan.rules)
  2810626 - ETPRO TROJAN JavaScript Backdoor CnC Beacon M2 (b64 1)
(trojan.rules)
  2810627 - ETPRO TROJAN JavaScript Backdoor CnC Beacon M2 (b64 2)
(trojan.rules)
  2816005 - ETPRO TROJAN Win32/Agent.XTP (trojan.rules)
  2816096 - ETPRO WEB_CLIENT Possible Websc Phishing Page 2016-02-05
(web_client.rules)
  2820198 - ETPRO TROJAN APT.SVCMONDR CnC Checkin (trojan.rules)
  2820902 - ETPRO TROJAN Cookle CnC Checkin (trojan.rules)
  2820903 - ETPRO TROJAN Cookle CnC POST (trojan.rules)
  2820986 - ETPRO TROJAN Backdoor.Muirim CnC Beacon (trojan.rules)
  2820989 - ETPRO CURRENT_EVENTS RIG/Sundown/Xer EK Payload Jul 06 2016 M2
(current_events.rules)
  2821339 - ETPRO TROJAN Sefnit Checkin 2 (trojan.rules)
  2821354 - ETPRO TROJAN Win32/Spy.Banker.BR Downloading Module
(trojan.rules)
  2821364 - ETPRO TROJAN Trojan.Win32.Agentb.jwp CnC Beacon (trojan.rules)
  2821365 - ETPRO TROJAN Unknown Steam/PWS Exfil via HTTP (trojan.rules)
  2821391 - ETPRO CURRENT_EVENTS Successful Wells Fargo Mobile Phish
2016-08-01 M1 (current_events.rules)
  2821392 - ETPRO CURRENT_EVENTS Successful Wells Fargo Mobile Phish
2016-08-01 M2 (current_events.rules)
  2821393 - ETPRO CURRENT_EVENTS Successful Wells Fargo Mobile Phish
2016-08-01 M3 (current_events.rules)
  2821422 - ETPRO TROJAN Win32.Phorpiex.A EXE Download (trojan.rules)
  2821426 - ETPRO TROJAN Win32/Daserf CnC Beacon 3 (trojan.rules)
  2821450 - ETPRO TROJAN Ransomware Locky CnC Beacon Aug 2 (trojan.rules)
  2821558 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fetcha.a CnC Beacon
(mobile_malware.rules)
  2821592 - ETPRO CURRENT_EVENTS DHL/EMS Documents Phishing Landing
2016-08-10 (current_events.rules)
  2821593 - ETPRO WEB_CLIENT Suspicious Credential POST to FormBuddy.com -
Possible Phishing Aug 10 2016 (web_client.rules)
  2821595 - ETPRO CURRENT_EVENTS Possible Phishing Landing - Tectite Web
Form Abuse (current_events.rules)
  2821597 - ETPRO INFO Successful Tectite Web Form Submission - Possible
Phishing (info.rules)
  2821599 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing
Common CSS 2016-08-10 (current_events.rules)
  2821601 - ETPRO TROJAN Lance Stealer Screenshot Exfil (trojan.rules)
  2821616 - ETPRO CURRENT_EVENTS MalDoc Payload Inbound 2016-08-11
(current_events.rules)
  2821626 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
  2821627 - ETPRO WEB_SPECIFIC_APPS Drupal Module Coder RCE PoC Inbound
(web_specific_apps.rules)
  2821628 - ETPRO WEB_SPECIFIC_APPS wSecure WP Plugin RCE
(web_specific_apps.rules)
  2821632 - ETPRO CURRENT_EVENTS Successful Gmail Phish M1 2016-08-12
(current_events.rules)
  2821656 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 2 (GET)
(trojan.rules)
  2821657 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 3 (GET)
(trojan.rules)
  2821658 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 4 (GET)
(trojan.rules)
  2821659 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 5 (GET)
(trojan.rules)
  2821660 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 6 (GET)
(trojan.rules)
  2821661 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 7 (GET)
(trojan.rules)
  2821662 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 8 (GET)
(trojan.rules)
  2821663 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 9 (GET)
(trojan.rules)
  2821664 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 10 (GET)
(trojan.rules)
  2821665 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 11 (GET)
(trojan.rules)
  2821666 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 12 (GET)
(trojan.rules)
  2821667 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 13 (GET)
(trojan.rules)
  2821668 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 14 (GET)
(trojan.rules)
  2821670 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 2 (POST)
(trojan.rules)
  2821671 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 3 (POST)
(trojan.rules)
  2821672 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 4 (POST)
(trojan.rules)
  2821673 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 5 (POST)
(trojan.rules)
  2821674 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 6 (POST)
(trojan.rules)
  2821675 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 7 (POST)
(trojan.rules)
  2821676 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 8 (POST)
(trojan.rules)
  2821677 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 9 (POST)
(trojan.rules)
  2821678 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 10 (POST)
(trojan.rules)
  2821679 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 11 (POST)
(trojan.rules)
  2821680 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 12 (POST)
(trojan.rules)
  2821681 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 13 (POST)
(trojan.rules)
  2821682 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 14 (POST)
(trojan.rules)
  2821691 - ETPRO TROJAN ZeusPOS Payload M1 (trojan.rules)
  2821695 - ETPRO TROJAN MSIL/Bancos Variant CnC Activity (trojan.rules)
  2821697 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SMS
Exfil (mobile_malware.rules)
  2821701 - ETPRO TROJAN Unknown Likely APT CnC Beacon (trojan.rules)
  2821702 - ETPRO CURRENT_EVENTS Successful Phish OWA Credentials
2016-08-16 (current_events.rules)
  2821703 - ETPRO CURRENT_EVENTS Adobe Phishing Landing M1 2016-08-16
(current_events.rules)
  2821709 - ETPRO CURRENT_EVENTS Successful Docusign Phish M1 2016-08-17
(current_events.rules)
  2821728 - ETPRO TROJAN Wrimcom CnC Beacon (trojan.rules)
  2821729 - ETPRO TROJAN Wrimcom Fake User-Agent (trojan.rules)
  2821734 - ETPRO TROJAN Cromwi HTTP CnC Beacon 2 (trojan.rules)
  2821736 - ETPRO TROJAN Cromwi HTTP CnC Beacon (trojan.rules)
  2821752 - ETPRO TROJAN W32/Banload.XMY Variant Checkin (trojan.rules)
  2821769 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing
2016-08-19 (current_events.rules)
  2821771 - ETPRO CURRENT_EVENTS Universal Webmail Phishing Landing
2016-08-19 (current_events.rules)
  2821798 - ETPRO WEB_CLIENT Possible Phishing Data Submitted to
yolasite.com M2 (web_client.rules)
  2821800 - ETPRO CURRENT_EVENTS Blocked Email Account Phishing Landing
2016-08-23 (current_events.rules)
  2821801 - ETPRO CURRENT_EVENTS Successful Blocked Email Account Phish M2
2016-08-23 (current_events.rules)
  2821805 - ETPRO TROJAN Win32/AbStealer Checkin (trojan.rules)
  2821814 - ETPRO TROJAN W32/Banload.XMY Variant Checkin (trojan.rules)
  2821815 - ETPRO CURRENT_EVENTS Targeted Office 365 Phishing Landing
2016-08-23 (current_events.rules)
  2821819 - ETPRO TROJAN Ransomware.MarsJoke CnC beacon (trojan.rules)
  2821821 - ETPRO TROJAN Godzilla CnC Beacon (trojan.rules)
  2821822 - ETPRO TROJAN Ransomware Bart CnC Beacon (trojan.rules)
  2821823 - ETPRO TROJAN Ransomware Bart User-Agent (trojan.rules)
  2821829 - ETPRO CURRENT_EVENTS Yahoo Password Strength Phishing Landing
2016-08-24 (current_events.rules)
  2821830 - ETPRO CURRENT_EVENTS Successful Yahoo Password Strength Phish
M1 2016-08-24 (current_events.rules)
  2821831 - ETPRO CURRENT_EVENTS Successful Team IPwned Phish 2016-08-24
(current_events.rules)
  2821832 - ETPRO CURRENT_EVENTS Successful Yahoo Password Strength Phish
M2 2016-08-24 (current_events.rules)
  2821833 - ETPRO TROJAN W32/Unknown Downloading Tor EXE (trojan.rules)
  2821845 - ETPRO TROJAN W32/SteamStealerX Uploading Creds (trojan.rules)
  2821846 - ETPRO CURRENT_EVENTS Successful Generic Phish - JS Redirect to
PDF 2016-08-24 (current_events.rules)
  2821851 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing 2016-08-25
(current_events.rules)
  2821854 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check
2 (trojan.rules)
  2821855 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check
3 (trojan.rules)
  2821863 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 2016-08-26
(current_events.rules)
  2821865 - ETPRO CURRENT_EVENTS Successful Chase Phish M3 2016-08-26
(current_events.rules)
  2821866 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 2016-08-26
(current_events.rules)
  2821879 - ETPRO TROJAN MSIL/OmegaNET HTTP Bot CnC Checkin (trojan.rules)
  2821880 - ETPRO TROJAN MSIL/Unknown HTTP Bot/BTCminer CnC Checkin
(trojan.rules)
  2821882 - ETPRO INFO Suspicious Yahoo Page - Possible Phishing Landing
(info.rules)
  2821887 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2016-08-30
(current_events.rules)
  2821905 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.t Checkin 2
(mobile_malware.rules)
  2821906 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.lf Checkin
(mobile_malware.rules)
  2821909 - ETPRO TROJAN Sbidith CnC Beacon 2 (trojan.rules)
  2821910 - ETPRO TROJAN Sbidith CnC Beacon 3 (trojan.rules)
  2821911 - ETPRO TROJAN Sbidith CnC Beacon 4 (trojan.rules)
  2821912 - ETPRO CURRENT_EVENTS TeamIPwned/Hellion Phishing Landing
2016-08-30 (current_events.rules)
  2821915 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2016-08-30
(current_events.rules)
  2821922 - ETPRO TROJAN Ursnif Variant Connectivity Check to gnu.org
(trojan.rules)
  2821935 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2016-08-31
(current_events.rules)
  2821943 - ETPRO CURRENT_EVENTS DHL Phishing Landing 2016-08-31
(current_events.rules)
  2821944 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2016-08-31
(current_events.rules)
  2821960 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing
2016-08-30 (current_events.rules)
  2821962 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing M2
2016-08-31 (current_events.rules)
  2821963 - ETPRO CURRENT_EVENTS Alibaba Phishing Landing 2016-08-31
(current_events.rules)
  2821965 - ETPRO CURRENT_EVENTS Outlook 365 Encrypted Email Phishing
Landing M1 2016-08-31 (current_events.rules)
  2821967 - ETPRO INFO Data Submitted to Webeden.co.uk - Possible Phishing
(info.rules)
  2821968 - ETPRO INFO Data Submitted to Weebly.com - Possible Phishing
(info.rules)
  2821969 - ETPRO TROJAN DetoxCrypto Ransomware CnC Activity (trojan.rules)
  2821972 - ETPRO TROJAN MSIL/Grelog.A Checkin (trojan.rules)
  2821974 - ETPRO CURRENT_EVENTS Successful Google Docs Phish 2016-09-01
(current_events.rules)
  2821975 - ETPRO CURRENT_EVENTS Successful Outlook Password Update Phish
M1 2016-09-01 (current_events.rules)
  2821976 - ETPRO CURRENT_EVENTS Successful Outlook Password Update Phish
M2 2016-09-01 (current_events.rules)
  2821977 - ETPRO CURRENT_EVENTS Successful Outlook Password Update Phish
M3 2016-09-01 (current_events.rules)
  2821980 - ETPRO POLICY Suspicious Request to iplogger.ru for External IP
Address (policy.rules)
  2821981 - ETPRO MOBILE_MALWARE Android/Locker.Q Checkin
(mobile_malware.rules)
  2821982 - ETPRO CURRENT_EVENTS Facebook Phishing Landing 2016-09-02
(current_events.rules)
  2821983 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2016-09-02
(current_events.rules)
  2821984 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2016-09-02
(current_events.rules)
  2821986 - ETPRO TROJAN Backdoor.Cadelspy CnC Beacon (BITS) (trojan.rules)
  2821990 - ETPRO CURRENT_EVENTS Successful Chase Phish 2016-09-02
(current_events.rules)
  2821993 - ETPRO CURRENT_EVENTS Successful Webmail Validator Phish M2
2016-09-02 (current_events.rules)
  2821994 - ETPRO CURRENT_EVENTS Webmail Validator Phishing Landing
2016-09-02 (current_events.rules)
  2822000 - ETPRO TROJAN Cry Ransomware Fake PNG POST of System Information
to Imgur (trojan.rules)
  2822003 - ETPRO CURRENT_EVENTS Account Update Phishing Landing 2016-09-06
(current_events.rules)
  2822005 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2016-09-06
(current_events.rules)
  2822009 - ETPRO MOBILE_MALWARE Android/JSmsHider.O Checkin 2
(mobile_malware.rules)
  2822023 - ETPRO POLICY IP Check ip.tool.la (policy.rules)
  2822024 - ETPRO TROJAN Win32.Qqthief.A IP Check (trojan.rules)
  2822038 - ETPRO INFO Suspicious Minimal HTTP Refresh to Googledrive.com -
Possible Phishing (info.rules)
  2822040 - ETPRO CURRENT_EVENTS Fedex Javascript Phishing Landing
2016-09-08 (current_events.rules)
  2822051 - ETPRO TROJAN Win32/Flyper Ransomware CnC Checkin (trojan.rules)
  2822056 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account
Phish 2016-09-08 (current_events.rules)
  2822068 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2016-09-09
(current_events.rules)
  2822073 - ETPRO TROJAN MalDoc Unknown CnC Callback Sept 9 (trojan.rules)
  2822074 - ETPRO WEB_SPECIFIC_APPS FreePBX Music.class.php Unauthenticated
RCE (web_specific_apps.rules)
  2822108 - ETPRO CURRENT_EVENTS Successful SeniorPeopleMeet Phish M1
2016-09-14 (current_events.rules)
  2822109 - ETPRO CURRENT_EVENTS Successful SeniorPeopleMeet Phish M2
2016-09-14 (current_events.rules)
  2822123 - ETPRO TROJAN MSIL/Oldbot HTTP Bot CnC Checkin M1 (trojan.rules)
  2822124 - ETPRO TROJAN MSIL/Oldbot HTTP Bot CnC Checkin M2 (trojan.rules)
  2822134 - ETPRO TROJAN Win32/Unknown HTTP Bot CnC Checkin 1 (trojan.rules)
  2822135 - ETPRO TROJAN Win32/Unknown HTTP Bot CnC Checkin 2 (trojan.rules)
  2822145 - ETPRO CURRENT_EVENTS Successful View Samples Phish 2016-09-09
(current_events.rules)
  2822147 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 2016-09-16
(current_events.rules)
  2822148 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 2016-09-16
(current_events.rules)
  2822171 - ETPRO TROJAN ClipBanker.V Configuration File Download
(trojan.rules)
  2822173 - ETPRO MOBILE_MALWARE Android/Niynuy.A Checkin 3
(mobile_malware.rules)
  2822185 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2016-09-20
(current_events.rules)
  2822226 - ETPRO CURRENT_EVENTS Successful Excel Phish 2016-09-26
(current_events.rules)
  2822227 - ETPRO TROJAN Caretni Bot CnC Beacon (trojan.rules)
  2822232 - ETPRO TROJAN ORK/ARIK Keylogger Downloaded (trojan.rules)
  2822237 - ETPRO TROJAN Successful MalDoc Password Exfil (trojan.rules)
  2822243 - ETPRO TROJAN MSIL.ShopBot.avf Downloader Checkin Response
(trojan.rules)