[Emerging-updates] Daily Ruleset Update Summary 2020/07/30

James Emery-Callcott jcallcott at emergingthreats.net
Thu Jul 30 13:51:17 HDT 2020


[***]            Summary:            [***]

        11 new OPEN, 27 new PRO (11 + 16).

        Thanks: @james_inthe_box.

        Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

        2030614 - ET TROJAN Observed Malicious SSL Cert (Lazarus APT MalDoc DL 2020-07-30) (trojan.rules)
        2030615 - ET TROJAN Observed Lazarus APT MalDoc DL Domain in TLS SNI (trojan.rules)
        2030616 - ET POLICY XenArmor Password Recovery License Check (policy.rules)
        2030617 - ET CURRENT_EVENTS Instagram Fake Copyright Infringement Hosted on 000webhostapp (current_events.rules)
        2030618 - ET CURRENT_EVENTS Possible Phishing Script Hosted on 000webhostapp (current_events.rules)
        2030619 - ET CURRENT_EVENTS Observed Let's Encrypt Certificate containing Instagram (current_events.rules)
        2030620 - ET CURRENT_EVENTS Generic Webmail Phishing Landing (current_events.rules)
        2030621 - ET CURRENT_EVENTS Generic Financial Phone Support Scam/Phishing Landing M1 (current_events.rules)
        2030622 - ET CURRENT_EVENTS Generic Financial Phone Support Scam/Phishing Landing M2 (current_events.rules)
        2030623 - ET USER_AGENTS Suspicious User-Agent (firefox) (user_agents.rules)
        2030624 - ET USER_AGENTS Suspicious User-Agent (chrome) (user_agents.rules)

Pro:

        2843747 - ETPRO TROJAN Observed Taurus Stealer CnC Domain in TLS SNI (trojan.rules)
        2843748 - ETPRO TROJAN Win32/DarkRat Variant CnC Activity (trojan.rules)
        2843749 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-07-30) (trojan.rules)
        2843750 - ETPRO TROJAN Win32/Taurus Stealer CnC Checkin (trojan.rules)
        2843751 - ETPRO TROJAN Win32/Valak Stealer v51 CnC Activity M1 (trojan.rules)
        2843752 - ETPRO TROJAN Win32/Valak Stealer v51 CnC Activity M2 (trojan.rules)
        2843753 - ETPRO TROJAN Win32/Valak Stealer Retrieving Payload (trojan.rules)
        2843754 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-30 1) (trojan.rules)
        2843755 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-30 2) (trojan.rules)
        2843756 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-07-30 (current_events.rules)
        2843757 - ETPRO CURRENT_EVENTS Successful Moneygram Phish 2020-07-30 (current_events.rules)
        2843758 - ETPRO CURRENT_EVENTS Possible Successful Firebase Hosted Phish 2020-07-30 (current_events.rules)
        2843759 - ETPRO CURRENT_EVENTS Successful Generic Inmotionhosting Hosted Phish 2020-07-30 (current_events.rules)
        2843760 - ETPRO TROJAN Win32/Kryptik.EQDJ Variant Checkin (trojan.rules)
        2843761 - ETPRO TROJAN Win32/Remcos RAT Checkin 506 (trojan.rules)
        2843762 - ETPRO TROJAN Win32/Remcos RAT Checkin 507 (trojan.rules)

[///]     Modified active rules:     [///]

        2806798 - ETPRO POLICY XenArmor Password Recovery License Check/securityxploded retrieval UA (policy.rules)
        2843746 - ETPRO TROJAN BlackClaw Ransomware CnC (trojan.rules)


---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team