[Emerging-updates] Daily Ruleset Update Summary 2020/07/31

Jack Mott jmott at emergingthreats.net
Fri Jul 31 14:54:04 HDT 2020


 [***]            Summary:            [***]

10 new OPEN, 18 new PRO (10 + 8). Win32/PurpleWave, FormatFactory, OILRIG,
Coinminers, VARIOUS PHISH.

Thanks: @james_inthe_box, @3xp0rtblog.

Today it is Friday.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030625 - ET TROJAN Win32/PurpleWave Stealer Requesting Config (trojan.rules)
  2030626 - ET TROJAN Win32/PurpleWave Stealer CnC Exfil (trojan.rules)
  2030627 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2030628 - ET INFO HTTP POST Form Submitted to 123formbuilder Free Hosting (info.rules)
  2030629 - ET INFO HTTP POST Form Submitted to Weebly Free Hosting (info.rules)
  2030630 - ET EXPLOIT Attempted Netgear Buffer Overflow into RCE Inbound M1 (exploit.rules)
  2030631 - ET EXPLOIT Attempted Netgear Buffer Overflow into RCE Inbound M2 (exploit.rules)
  2030632 - ET MALWARE FormatFactory Install Checkin (malware.rules)
  2030633 - ET TROJAN Matiex Keylogger Exfil Via Telegram (trojan.rules)
  2030634 - ET TROJAN OILRIG CnC POST (trojan.rules)

Pro:

  2843763 - ETPRO CURRENT_EVENTS Observed POST to .beget .tech Domain - Likely Evil (current_events.rules)
  2843765 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-31 (current_events.rules)
  2843766 - ETPRO CURRENT_EVENTS Successful Sicredi Phish 2020-07-31 (current_events.rules)
  2843767 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-07-31 (current_events.rules)
  2843768 - ETPRO CURRENT_EVENTS Successful Assurance Maladie FR Phish 2020-07-31 (current_events.rules)
  2843769 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-07-31 (current_events.rules)
  2843770 - ETPRO CURRENT_EVENTS Successful Credit Mutuel Phish 2020-07-31 (current_events.rules)
  2843771 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-31 1) (trojan.rules)

[///]     Modified active rules:     [///]

  2023337 - ET TROJAN Win32/Infostealer.Snifula File Upload (trojan.rules)
  2023345 - ET TROJAN Win32/CryPy Ransomware CnC Checkin (trojan.rules)
  2023346 - ET TROJAN Win32/CryPy Ransomware Encrypting File (trojan.rules)
  2023351 - ET WEB_SPECIFIC_APPS User Agent (SQLi Injection / Scanning) (web_specific_apps.rules)
  2023481 - ET TROJAN MSIL/HadesLocker Ransomware Checkin (trojan.rules)
  2804112 - ETPRO TROJAN Backdoor.Win32.Bifrose User-Agent (httpbot) (trojan.rules)
  2820787 - ETPRO TROJAN DiamondFox HTTP POST CnC Response (trojan.rules)
  2821767 - ETPRO TROJAN W32/Joinme Dropper EXE DL (trojan.rules)
  2822394 - ETPRO TROJAN MSIL/UBN CP Downloader Requesting Payload (trojan.rules)
  2822418 - ETPRO CURRENT_EVENTS Successful Amazon Phish M1 Oct 05 2016 (current_events.rules)
  2822422 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 05 2016 (current_events.rules)
  2822429 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bw Checkin (mobile_malware.rules)
  2822453 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Lirose.a Checkin (mobile_malware.rules)
  2822457 - ETPRO TROJAN W32.Palibu Banker Checkin (trojan.rules)
  2822464 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish Oct 06 2016 (current_events.rules)
  2822473 - ETPRO TROJAN Ransomware Locky CnC Beacon Oct 3 (trojan.rules)
  2822484 - ETPRO TROJAN Kostya Ransomware CnC Checkin (trojan.rules)
  2822489 - ETPRO CURRENT_EVENTS Successful Supplier Portal Phish Oct 07 2016 (current_events.rules)
  2822490 - ETPRO CURRENT_EVENTS Successful DHL Phish Oct 07 2016 (current_events.rules)
  2822494 - ETPRO CURRENT_EVENTS Successful Apple Phish (FR) M1 Oct 07 2016 (current_events.rules)
  2822495 - ETPRO CURRENT_EVENTS Successful Apple Phish (FR) M2 Oct 07 2016 (current_events.rules)
  2822506 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 07 M2 (current_events.rules)
  2822520 - ETPRO TROJAN Vulnerable HTTP Server Version (Linux.Mirai) (trojan.rules)
  2822551 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 10 2016 (current_events.rules)
  2822568 - ETPRO CURRENT_EVENTS Successful Gmail Phish M2 Oct 11 2016 (current_events.rules)
  2822579 - ETPRO TROJAN Backdoor.Win32.Mocker Variant Checkin M1 (trojan.rules)
  2822580 - ETPRO TROJAN Backdoor.Win32.Mocker Variant Checkin M2 (trojan.rules)
  2822600 - ETPRO TROJAN Win32/CONFUCIUS_A CnC Beacon (trojan.rules)
  2822603 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.net Oct 13 2016 (current_events.rules)
  2822620 - ETPRO TROJAN Win32/Wemosis.C Checkin (trojan.rules)
  2822642 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Oct 14 2016 (current_events.rules)
  2822658 - ETPRO TROJAN AutoLOG v2 Keylogger Client Checkin (trojan.rules)
  2822662 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 17 2016 (current_events.rules)
  2822711 - ETPRO CURRENT_EVENTS Successful DHL Phish Oct 18 2016 (current_events.rules)
  2822735 - ETPRO TROJAN Known Malicious User-Agent (pb) Possible Win32.ProxyBack or Win32.Htbot.B (trojan.rules)
  2822772 - ETPRO TROJAN MSIL/Zaebalo Checkin (trojan.rules)
  2822777 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.AVPass.i Checkin (mobile_malware.rules)
  2822782 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Oct 20 2016 (current_events.rules)
  2822789 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 20 2016 (current_events.rules)
  2827457 - ETPRO CURRENT_EVENTS Successful Fidelity Phish M1 Aug 08 2017 (current_events.rules)
  2834158 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-12-31 (current_events.rules)
  2839763 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-12-05 (current_events.rules)