[Emerging-updates] Daily Ruleset Update Summary 2020/06/18

Jason Williams jwilliams at emergingthreats.net
Thu Jun 18 13:21:26 HDT 2020


[***]            Summary:            [***]

  8 Open, 18 Pro (8 + 10). Cobalt Strike, DiplomatLoader, ZEROCRAT,
Kimsuky, Various Phishing.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2030349 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike Malleable C2 Domain) (trojan.rules)
  2030350 - ET TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-06-18) (trojan.rules)
  2030351 - ET TROJAN SSL/TLS Certificate Observed (DiplomatLoader) (trojan.rules)
  2030352 - ET TROJAN Possible DNS Tunneling Observed (trojan.rules)
  2030353 - ET MALWARE Win32/Adware.VrBrothers.AI Variant CnC Activity (malware.rules)
  2030354 - ET MALWARE MediaDrug CnC Activity (malware.rules)
  2030355 - ET MALWARE SUPERAntiSpyware Install Checkin (malware.rules)
  2030356 - ET TROJAN Operation Interception Beacon (trojan.rules)

 Pro:

  2843097 - ETPRO TROJAN Observed DNS Query to DADSTACHE/Leviathan CnC Domain (trojan.rules)
  2843098 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-06-18 (current_events.rules)
  2843099 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-18 1) (trojan.rules)
  2843100 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-18 2) (trojan.rules)
  2843101 - ETPRO TROJAN Kimsuky Related Host Data Exfil M3 (trojan.rules)
  2843102 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-06-18 (current_events.rules)
  2843103 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-18 (current_events.rules)
  2843104 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-18 (current_events.rules)
  2843105 - ETPRO TROJAN Win32/Remcos RAT Checkin 465 (trojan.rules)
  2843106 - ETPRO TROJAN ZEROCRAT Client Info Post M2 (trojan.rules)

 [///]     Modified active rules:     [///]

  2022467 - ET TROJAN Bedep Connectivity Check M2 (trojan.rules)
  2022470 - ET TROJAN CenterPOS Delete Plugins (trojan.rules)
  2022471 - ET TROJAN CenterPOS Load Plugins (trojan.rules)
  2807783 - ETPRO TROJAN Win32/TrojanProxy.Agent.NJK CnC Checkin Response (trojan.rules)
  2812408 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon Response 1 (trojan.rules)
  2815943 - ETPRO TROJAN Win32/Toga!rfn Checkin (trojan.rules)
  2815995 - ETPRO TROJAN Unknown/PyInstaller CnC Checkin M2 (trojan.rules)
  2815997 - ETPRO TROJAN Unknown.PWS CnC Checkin (trojan.rules)
  2816009 - ETPRO TROJAN Password Stealer MSIL/Spy.Agent.AIF Checkin (trojan.rules)
  2816011 - ETPRO TROJAN Win32/Banatrix Variant Checkin (trojan.rules)
  2816013 - ETPRO CURRENT_EVENTS Navy Federal Credit Union Phishing Landing 2016-01-30 (current_events.rules)
  2816016 - ETPRO TROJAN Yuckyll CnC Beacon 1 M2 (trojan.rules)
  2836270 - ETPRO TROJAN QuasarRAT C2 Init (trojan.rules)
  2841429 - ETPRO TROJAN MSIL/Spy.Small.EU Variant Host Checkin (trojan.rules)
  2842984 - ETPRO TROJAN Unk.Loader Retrieving Payload 2020-06-11 (trojan.rules)
  2843029 - ETPRO TROJAN KarenLogger CnC Host Checkin (trojan.rules)