[Emerging-updates] Daily Ruleset Update Summary 2020/03/12

James Emery-Callcott jcallcott at emergingthreats.net
Thu Mar 12 17:17:45 HDT 2020


[***]            Summary:            [***]

  7 new Open, 25 new Pro (7 + 18).  Win32/RKO (outta nowhere), Zyxel RCE,
Remcos, Various SSL/TLS, Various Phish, Others.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029615 - ET TROJAN PXJ Ransomware CnC Activity (trojan.rules)
  2029616 - ET EXPLOIT Zyxel NAS RCE Attempt Inbound (CVE-2020-9054) M1
(exploit.rules)
  2029617 - ET EXPLOIT Zyxel NAS RCE Attempt Inbound (CVE-2020-9054) M2
(exploit.rules)
  2029618 - ET EXPLOIT Zoho ManageEngine Desktop Central RCE Inbound
(CVE-2020-10189) (exploit.rules)
  2029619 - ET MOBILE_MALWARE Suspected SandCat Related CnC
(mobile_malware.rules)
  2029621 - ET TROJAN Suspected SandCat Related Communication (POST)
(trojan.rules)
  2029622 - ET POLICY External IP Lookup (ipify .org) (policy.rules)

Pro:

  2841482 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-12 1) (trojan.rules)
  2841483 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-12 2) (trojan.rules)
  2841484 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-03-12 (current_events.rules)
  2841485 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-03-12 (current_events.rules)
  2841486 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-12
(current_events.rules)
  2841487 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-12
(current_events.rules)
  2841488 - ETPRO TROJAN Win32/Stealer.ryb Host Checkin (trojan.rules)
  2841489 - ETPRO CURRENT_EVENTS Successful Orange Phish 2020-03-12
(current_events.rules)
  2841490 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-12
(current_events.rules)
  2841491 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-12
(current_events.rules)
  2841492 - ETPRO CURRENT_EVENTS Successful ADP Phish 2020-03-12
(current_events.rules)
  2841493 - ETPRO TROJAN Win32/RKO Checkin (trojan.rules)
  2841494 - ETPRO TROJAN Win32/Remcos RAT Checkin 363 (trojan.rules)
  2841495 - ETPRO TROJAN Win32/Remcos RAT Checkin 364 (trojan.rules)
  2841496 - ETPRO TROJAN Win32/Remcos RAT Checkin 365 (trojan.rules)
  2841497 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2841498 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
  2841499 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

  2011839 - ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id
Parameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
  2011927 - ET WEB_SPECIFIC_APPS SiteloomCMS mailform_1 variable Cross Site
Scripting Attempt (web_specific_apps.rules)
  2011929 - ET WEB_SPECIFIC_APPS Joomla Component com_banners
banners.class.php Remote File inclusion Attempt (web_specific_apps.rules)
  2012407 - ET WEB_SPECIFIC_APPS Potential Wordpress local file disclosure
vulnerability (web_specific_apps.rules)
  2012408 - ET WEB_SPECIFIC_APPS Potential Wordpress local file disclosure
vulnerability (web_specific_apps.rules)
  2826720 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 11
(mobile_malware.rules)
  2826748 - ETPRO MOBILE_MALWARE Android.Trojan.FakeApp.AS CnC Beacon
(mobile_malware.rules)
  2826786 - ETPRO MOBILE_MALWARE Trojan-PSW.AndroidOS.Inazun.h CnC Beacon 2
(mobile_malware.rules)
  2826803 - ETPRO MOBILE_MALWARE Android/Triada.DZ Checkin
(mobile_malware.rules)
  2826804 - ETPRO MOBILE_MALWARE Android/Triada.DZ Checkin 2
(mobile_malware.rules)
  2826806 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Triada.d Checkin
3 (mobile_malware.rules)
  2826807 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Triada.d Checkin
4 (mobile_malware.rules)
  2826808 - ETPRO MOBILE_MALWARE Android.Trojan.Triada.EY Checkin
(mobile_malware.rules)
  2826809 - ETPRO MOBILE_MALWARE Android.Trojan.Triada.EY Checkin 2
(mobile_malware.rules)
  2826823 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.IJ CnC Beacon
(mobile_malware.rules)
  2826836 - ETPRO MOBILE_MALWARE Android/Clicker.HA Checkin 2
(mobile_malware.rules)
  2841358 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M1
(current_events.rules)
  2841359 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M2
(current_events.rules)
  2841360 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M3
(current_events.rules)
  2841361 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M4
(current_events.rules)
  2841362 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M5
(current_events.rules)
  2841363 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M6
(current_events.rules)
  2841364 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M7
(current_events.rules)
  2841365 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M8
(current_events.rules)
  2841366 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M9
(current_events.rules)
  2841367 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M10
(current_events.rules)
  2841368 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M11
(current_events.rules)
  2841460 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841461 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841462 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841463 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841464 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841465 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841467 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841468 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841469 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841470 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841471 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)
  2841472 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11
(current_events.rules)

[---]  Disabled and modified rules:  [---]

  2011871 - ET POLICY SubmitToTDWTF.asmx DailyWTF Potential Source Code
Leakage (policy.rules)
  2012140 - ET MOBILE_MALWARE Android Trojan Command and Control
Communication (mobile_malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team