[Emerging-updates] Daily Ruleset Update Summary 2020/07/29

Jack Mott jmott at emergingthreats.net
Wed Jul 29 14:34:19 HDT 2020


 [***]            Summary:            [***]

7 new OPEN, 26 new PRO (7 + 19). ThiefQuest, Win32/Fsysna.hlwd, Win32/Spy.Banker.QEO, BlackClaw Ransomware, VARIOUS PHISHING.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030607 - ET TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-07-29) (trojan.rules)
  2030608 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised Server (web_server.rules)
  2030609 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised Server (web_client.rules)
  2030610 - ET CURRENT_EVENTS Possible Phishing Landing Captcha Check (current_events.rules)
  2030611 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External Server (current_events.rules)
  2030612 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal Server (current_events.rules)
  2030613 - ET TROJAN ThiefQuest CnC Domain in DNS Lookup (trojan.rules)

Pro:

  2843728 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-07-29) (trojan.rules)
  2843729 - ETPRO TROJAN Win32/Fsysna.hlwd CnC Checkin (trojan.rules)
  2843730 - ETPRO POLICY AppWizard Installer (Possible PUP/PUA) Activity (policy.rules)
  2843731 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2843732 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2843733 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-29 1) (trojan.rules)
  2843734 - ETPRO TROJAN Win32/Spy.Banker.QEO Variant CnC Host Checkin (trojan.rules)
  2843735 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-07-29 (current_events.rules)
  2843736 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2020-07-29 (current_events.rules)
  2843737 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-07-29 (current_events.rules)
  2843738 - ETPRO CURRENT_EVENTS Successful Generic Phish (parent.location) M1 2020-07-29 (current_events.rules)
  2843739 - ETPRO CURRENT_EVENTS Successful Generic Phish (parent.location) M2 2020-07-29 (current_events.rules)
  2843740 - ETPRO CURRENT_EVENTS Possible Successful Firebase Hosted Phish 2020-07-29 (current_events.rules)
  2843741 - ETPRO CURRENT_EVENTS Possible Successful Firebase Hosted Phish 2020-07-29 (current_events.rules)
  2843742 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-07-29 (current_events.rules)
  2843743 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2020-07-29 (current_events.rules)
  2843744 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-29 (current_events.rules)
  2843745 - ETPRO TROJAN BlackClaw Ransomware Domain in DNS Lookup (trojan.rules)
  2843746 - ETPRO TROJAN BlackClaw Ransomware CnC (trojan.rules)

[///]     Modified active rules:     [///]

  2007695 - ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (policy.rules)
  2023306 - ET TROJAN Anuna PHP Backdoor Sucessful Exploit (trojan.rules)
  2023964 - ET CURRENT_EVENTS Successful WeTransfer Phish Oct 04 2016 (current_events.rules)
  2025002 - ET CURRENT_EVENTS Successful Personalized OWA Webmail Phish Oct 04 2016 (current_events.rules)
  2809023 - ETPRO TROJAN Pkybot Checkin (trojan.rules)
  2815287 - ETPRO TROJAN RTM Banker CnC M1 (trojan.rules)
  2815288 - ETPRO TROJAN RTM Banker CnC M2 (trojan.rules)
  2815661 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin (mobile_malware.rules)
  2815900 - ETPRO INFO Possible Phishing Landing via MoonFruit.com (set) Jan 22 (info.rules)
  2815901 - ETPRO INFO Possible Phishing Landing via MoonFruit.com Jan 22 M1 (info.rules)
  2815902 - ETPRO INFO Possible Phishing Landing via MoonFruit.com Jan 22 M2 (info.rules)
  2815903 - ETPRO INFO Possible Phishing Landing via MoonFruit.com Jan 22 M3 (info.rules)
  2815963 - ETPRO INFO Possible Phishing Landing via Moonfruit Jan 26 M2 (info.rules)
  2822285 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish Sept 28 2016 (current_events.rules)
  2822289 - ETPRO CURRENT_EVENTS Unknown MalDoc Requesting Remote Template M1 (current_events.rules)
  2822293 - ETPRO TROJAN AgentTesla PWS Exfil via HTTP (trojan.rules)
  2822294 - ETPRO POLICY Internal Host Retrieving External IP Address (geolocation.com) (policy.rules)
  2822295 - ETPRO TROJAN iSpy/HawkSpy Keylogger PWS Checkin via HTTP (trojan.rules)
  2822296 - ETPRO TROJAN iSpy/HawkSpy Keylogger PWS Checkin via HTTP M2 (trojan.rules)
  2822303 - ETPRO TROJAN BKDR_ASPXSPY.A Checkin (trojan.rules)
  2822311 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Sept 29 2016 (current_events.rules)
  2822325 - ETPRO TROJAN Win32/CONFUCIUS_B CnC Checkin (trojan.rules)
  2822330 - ETPRO TROJAN MSIL/Eskimo.A Steam PWS Fake Alert (trojan.rules)
  2822334 - ETPRO CURRENT_EVENTS Successful Facebook Phish M1 Sep 30 2016 (current_events.rules)
  2822340 - ETPRO CURRENT_EVENTS Successful Postbank Online Banking Phish M1 Sep 30 2016 (current_events.rules)
  2822341 - ETPRO CURRENT_EVENTS Successful Postbank Online Banking Phish M2 Sep 30 2016 (current_events.rules)
  2822344 - ETPRO TROJAN MSIL/Bazidow.A CnC Checkin (trojan.rules)
  2822360 - ETPRO INFO Possible Phishing Landing via Moonfruit Oct 3 M1 (info.rules)
  2822361 - ETPRO INFO Possible Phishing Landing via Moonfruit Oct 3 M2 (info.rules)
  2822363 - ETPRO TROJAN Win32/Agent.XWB CnC Beacon (trojan.rules)
  2822364 - ETPRO CURRENT_EVENTS Unknown MalDoc Requesting Remote Template M2 (current_events.rules)
  2822368 - ETPRO WEB_CLIENT Suspicious Byethost Phishing Redirect Oct 04 2016 (web_client.rules)
  2822373 - ETPRO CURRENT_EVENTS Successful Generic OWA Phish Oct 04 2016 (current_events.rules)
  2822381 - ETPRO CURRENT_EVENTS Paypal Phishing Landing (DE) Oct 04 2016 (current_events.rules)
  2822384 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Oct 04 2016 (fbset) (current_events.rules)
  2822385 - ETPRO CURRENT_EVENTS Possible Evil Redirector Leading to EK Oct 04 2016 (BossTDS) M1 (current_events.rules)