[Emerging-updates] Daily Ruleset Update Summary 2020/03/03

Jack Mott jmott at emergingthreats.net
Tue Mar 3 13:26:29 HST 2020


[***]            Summary:            [***]

 13 new Open, 36 new Pro (13 + 23). Get2, SmokeLoader, BlackTech
ELF/TSCookie, GoBotKR, Win32/Presenoker, and VARIOUS PHISHING

 Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

 Open:

  2029555 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2029556 - ET TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
  2029557 - ET TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
  2029558 - ET TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
  2029559 - ET TROJAN BlackTech ELF/TSCookie CnC Observed in DNS Query (trojan.rules)
  2029560 - ET TROJAN BlackTech ELF/TSCookie CnC Observed in DNS Query (trojan.rules)
  2029561 - ET TROJAN Observed GoBotKR Domain in TLS SNI (trojan.rules)
  2029562 - ET TROJAN Observed GoBotKR Domain in TLS SNI (trojan.rules)
  2029563 - ET TROJAN Observed GoBotKR Domain in TLS SNI (trojan.rules)
  2029564 - ET TROJAN Observed GoBotKR Domain in TLS SNI (trojan.rules)
  2029565 - ET TROJAN Observed GoBotKR Domain in TLS SNI (trojan.rules)
  2029566 - ET TROJAN Magecart CnC Domain in DNS Lookup (trojan.rules)
  2029567 - ET TROJAN Observed Magecart Domain (webscriptly .com in TLS SNI) (trojan.rules)

Pro:

  2841309 - ETPRO TROJAN Win32/SystemBC CnC Checkin (trojan.rules)
  2841310 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-03 1) (trojan.rules)
  2841311 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-03 2) (trojan.rules)
  2841312 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-03 3) (trojan.rules)
  2841313 - ETPRO CURRENT_EVENTS Successful BT Phish 2020-03-03 (current_events.rules)
  2841314 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-03 (current_events.rules)
  2841315 - ETPRO CURRENT_EVENTS Successful Minha BV Phish 2020-03-03 (current_events.rules)
  2841316 - ETPRO CURRENT_EVENTS Successful Minha BV Phish 2020-03-03 (current_events.rules)
  2841317 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-03 (current_events.rules)
  2841318 - ETPRO CURRENT_EVENTS Successful SECU Phish 2020-03-03 (current_events.rules)
  2841319 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-03 (current_events.rules)
  2841320 - ETPRO TROJAN MSIL/Spy.Agent.BYQ Variant CnC Activity (trojan.rules)
  2841321 - ETPRO CURRENT_EVENTS Successful KBC Phish 2020-03-03 (current_events.rules)
  2841322 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-03 (current_events.rules)
  2841323 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-03-03 (current_events.rules)
  2841324 - ETPRO TROJAN Ursu Variant CnC Activity (trojan.rules)
  2841325 - ETPRO CURRENT_EVENTS Possible Successful Herokuapp Hosted Phish 2020-03-03 (current_events.rules)
  2841326 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects CnC) (trojan.rules)
  2841327 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M9 (trojan.rules)
  2841328 - ETPRO TROJAN SuperCadix MalDoc Communicating with CnC (POST) (trojan.rules)
  2841329 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
  2841330 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)

 [///]     Modified active rules:     [///]

  2017313 - ET TROJAN China Chopper Command Struct (trojan.rules)
  2018358 - ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 (info.rules)
  2019129 - ET TROJAN Backdoor.Win32/Dervec.gen Connectivity Check to Google (trojan.rules)
  2019141 - ET TROJAN Zbot POST Request to C2 (trojan.rules)
  2019168 - ET TROJAN Tinba Checkin (trojan.rules)
  2019749 - ET WEB_SERVER FOX-SRT - Backdoor - CryptoPHP Shell C2 POST (fsockopen) (web_server.rules)
  2020027 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 1 (trojan.rules)
  2803709 - ETPRO TROJAN Trojan-Downloader.Win32.Diple.A Checkin 1 (trojan.rules)
  2803840 - ETPRO WEB_CLIENT Microsoft Active Accessibility oleacc.dll Insecure Library Loading Code Execution - WebDAV (web_client.rules)
  2803895 - ETPRO TROJAN Win32/Gevenbu.A Checkin (trojan.rules)
  2808035 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.fe Checkin (mobile_malware.rules)
  2808174 - ETPRO TROJAN Win32/Itsproc!gmb DLL Retrieval (trojan.rules)
  2808329 - ETPRO TROJAN Win32/SpamTool.Tedroo.BC Downloading CryptoWall/Malex (trojan.rules)
  2808483 - ETPRO TROJAN Backdoor.APT.Lurid Checkin via POST (trojan.rules)
  2808490 - ETPRO TROJAN WORM Gammima.AG Checkin (trojan.rules)
  2808550 - ETPRO TROJAN Win32/Tofsee.av Loader Checkin (trojan.rules)
  2808621 - ETPRO MALWARE PUP/Win32.IBryte Checkin via HTTP (malware.rules)
  2808643 - ETPRO TROJAN Zeus variant C2 (trojan.rules)
  2808915 - ETPRO TROJAN Trojan.FakeAlert.CAF Checkin (trojan.rules)
  2809054 - ETPRO EXPLOIT Incredible PBX RCE Attempt (exploit.rules)
  2809127 - ETPRO MALWARE PUP.3lsoft Checkin (malware.rules)
  2810099 - ETPRO TROJAN Chthonic CnC Beacon 7 (trojan.rules)

 [---]         Disabled rules:        [---]

  2808249 - ETPRO TROJAN Win32/Gablrub Checkin (trojan.rules)
  2808359 - ETPRO MALWARE Facemoi Adware Installer Download (malware.rules)
  2808572 - ETPRO MALWARE Win32/AdWare.Laban.G Checkin (malware.rules)
  2808774 - ETPRO TROJAN Win32.Sasfis Checkin (trojan.rules)
  2809205 - ETPRO TROJAN Win32.Trojan.Win32/Agent.QRI (Korplug Related) Checkin (trojan.rules)
  2820288 - ETPRO TROJAN Bolek/Kbot CnC Checkin (trojan.rules)