[Emerging-updates] Daily Ruleset Update Summary 2020/03/24

Brandon Murphy bmurphy at emergingthreats.net
Tue Mar 24 14:32:02 HDT 2020


[***]            Summary:            [***]

5 new Open, 30 new Pro (5 + 25). Win32/RaaLoader CnC, TROJAN Win32/Milum
CnC, Linksys WRT54G Command Injection, Various Phishing.

Thanks @nstarke

[+++]          Added rules:          [+++]

Open:

  2029730 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2029731 - ET TROJAN Win32/RaaLoader CnC Activity (trojan.rules)
  2029732 - ET CURRENT_EVENTS Common Unhidebody Function Observed in
Phishing Landing (current_events.rules)
  2029733 - ET WEB_CLIENT Microsoft Tech Support Scam 2020-03-24
(web_client.rules)
  2029734 - ET EXPLOIT Linksys WRT54G Version 3.1 Command Injection Attempt
(exploit.rules)

Pro:

  2841676 - ETPRO TROJAN Win32/Cobalt Strike CnC Activity (OCSP Spoof)
(trojan.rules)
  2841677 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-24 1) (trojan.rules)
  2841678 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-24 2) (trojan.rules)
  2841679 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-24
(current_events.rules)
  2841680 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-24
(current_events.rules)
  2841681 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish
2020-03-24 (current_events.rules)
  2841682 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-24
(current_events.rules)
  2841683 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2020-03-24
(current_events.rules)
  2841684 - ETPRO CURRENT_EVENTS Successful Adobe Cloud Phish 2020-03-24
(current_events.rules)
  2841685 - ETPRO CURRENT_EVENTS Successful Adobe Download Document Phish
2020-03-24 (current_events.rules)
  2841686 - ETPRO CURRENT_EVENTS Successful TSB Phish 2020-03-24
(current_events.rules)
  2841687 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-24
(current_events.rules)
  2841688 - ETPRO CURRENT_EVENTS Successful Adobe PDF Reader Phish
2020-03-24 (current_events.rules)
  2841689 - ETPRO CURRENT_EVENTS Successful Adobe Shared PDF Phish
2020-03-24 (current_events.rules)
  2841690 - ETPRO CURRENT_EVENTS Successful Adobe Shared PDF Phish
2020-03-24 (current_events.rules)
  2841691 - ETPRO CURRENT_EVENTS Successful First Bank Phish 2020-03-24
(current_events.rules)
  2841692 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-03-24
(current_events.rules)
  2841693 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-03-24
(current_events.rules)
  2841694 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-24
(current_events.rules)
  2841695 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-03-24
(current_events.rules)
  2841696 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2020-03-24
(current_events.rules)
  2841697 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-24
(current_events.rules)
  2841698 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2841699 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
  2841700 - ETPRO TROJAN Win32/Milum CnC (trojan.rules)


[///]     Modified active rules:     [///]

  2029700 - ET CURRENT_EVENTS Successful World Health Organization COVID-19
Phish 2020-03-23 (current_events.rules)
  2810585 - ETPRO TROJAN Trojan-Banker.Win32.ChePro Variant CnC Beacon
(trojan.rules)
  2810719 - ETPRO MALWARE Win32/FlyStudio CnC Beacon 2 (malware.rules)
  2810733 - ETPRO TROJAN TrojanSpy.Win32/Mafod Checkin (trojan.rules)
  2811630 - ETPRO TROJAN BACKDOOR.EMDIVI Checkin Response 2 (trojan.rules)
  2811810 - ETPRO TROJAN Win32/Dowector.A Checkin (trojan.rules)
  2812053 - ETPRO MALWARE Win32/Multibar.EA Variant PUP Google Connectivity
Check (malware.rules)
  2812060 - ETPRO TROJAN Win32/FakeJa Checkin (trojan.rules)
  2812063 - ETPRO TROJAN Win32/Banload2 Variant Checkin (trojan.rules)
  2812182 - ETPRO TROJAN ZIP file embedded in Large JPG (~10-100MB)
(trojan.rules)
  2812183 - ETPRO INFO ZIP file embedded in JPG (info.rules)
  2812201 - ETPRO MOBILE_MALWARE Android/Clicker.C Checkin
(mobile_malware.rules)
  2812381 - ETPRO TROJAN Win32/Bagsu!rfn Variant Checkin (trojan.rules)
  2812407 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon (trojan.rules)
  2812710 - ETPRO TROJAN Linopid HTTP CnC Beacon (trojan.rules)
  2812735 - ETPRO MALWARE PUP.PCClean Install (malware.rules)
  2812746 - ETPRO TROJAN Win32/MicroFake Downloader Checkin (trojan.rules)
  2812784 - ETPRO MALWARE Adware/Illyx Install Activity (malware.rules)
  2812791 - ETPRO MALWARE IdleCrawler PUP Checkin (malware.rules)
  2812807 - ETPRO MALWARE Win32/Adware.1ClickDownload Checkin
(malware.rules)
  2812842 - ETPRO TROJAN Win32/Ghost.E CnC Checkin (trojan.rules)
  2812885 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WKA Receiving Data
(trojan.rules)
  2812962 - ETPRO TROJAN MSIL/Agent.QSE CnC Activity (trojan.rules)
  2812984 - ETPRO TROJAN Win32/Banker.AEA Checkin (trojan.rules)
  2812986 - ETPRO TROJAN Trojan/Win32.SteamComplex Checkin (trojan.rules)
  2813095 - ETPRO TROJAN Unknown Downloader Likely Retrieving Ponmocup
(trojan.rules)
  2814044 - ETPRO MALWARE QQBrowser Adware PUP Activity (malware.rules)
  2841553 - ETPRO TROJAN MSIL/Poulight Stealer CnC Activity (trojan.rules)


[---]  Disabled and modified rules:  [---]

  2810602 - ETPRO TROJAN Unknown Banker .dat file download 2 (trojan.rules)
  2810923 - ETPRO TROJAN PolloLocker PS1 Script Download Response
(trojan.rules)
  2812068 - ETPRO TROJAN Win32/Ransomware Inbound PowerShell Payload
(trojan.rules)
  2812501 - ETPRO TROJAN Agent.BLVS Initial Host Data POST M1 (trojan.rules)
  2812851 - ETPRO TROJAN Unknown Powershell Backdoor Retrieve Commands M2
(trojan.rules)


[---]         Disabled rules:        [---]

  2810919 - ETPRO MALWARE ZyngaTables Downloading Malicious Chrome
Extension (malware.rules)
  2811668 - ETPRO TROJAN Pirpi Variant CnC Beacon (trojan.rules)
  2811723 - ETPRO CURRENT_EVENTS APT SWC Redirected Request June 29 2015
(current_events.rules)
  2812409 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon Response 2
(trojan.rules)
  2812844 - ETPRO TROJAN Win32/Trfijan.A Checkin (trojan.rules)
  2812966 - ETPRO TROJAN MSIL/Stimilina.F Checkin (trojan.rules)
  2812979 - ETPRO TROJAN Win32/Neshta.A Checkin (trojan.rules)
  2812983 - ETPRO TROJAN TrojanDownloader.Banload.VHZ Checkin 3
(trojan.rules)
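The entries above follow a fixed shape (SID, " - ", ET or ETPRO, category, message, rules file, with long messages wrapped onto a second line), which makes a summary like this one easy to reconcile against a deployed ruleset. The Python below is an added example for this post, not Emerging Threats tooling: it parses an excerpt of the 2020/03/24 summary, joins wrapped entries, and reports which newly added Open SIDs are missing locally, which SIDs disabled upstream are still enabled locally, and which modified SIDs should be re-pulled. The local rules file is a constructed stand-in with placeholder rule bodies; only its sid: options matter here.

```python
"""Parse an ET daily ruleset update summary and reconcile it with a local ruleset.
Added example, not Emerging Threats tooling. SUMMARY is an excerpt of the 2020/03/24
post; LOCAL_RULES is a constructed stand-in (placeholder bodies, real SIDs)."""
import re

SUMMARY = """\
[+++]          Added rules:          [+++]

Open:

  2029730 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2029731 - ET TROJAN Win32/RaaLoader CnC Activity (trojan.rules)
  2029732 - ET CURRENT_EVENTS Common Unhidebody Function Observed in
Phishing Landing (current_events.rules)
  2029733 - ET WEB_CLIENT Microsoft Tech Support Scam 2020-03-24
(web_client.rules)
  2029734 - ET EXPLOIT Linksys WRT54G Version 3.1 Command Injection Attempt
(exploit.rules)

Pro:

  2841700 - ETPRO TROJAN Win32/Milum CnC (trojan.rules)

[///]     Modified active rules:     [///]

  2812182 - ETPRO TROJAN ZIP file embedded in Large JPG (~10-100MB)
(trojan.rules)

[---]  Disabled and modified rules:  [---]

  2812068 - ETPRO TROJAN Win32/Ransomware Inbound PowerShell Payload
(trojan.rules)

[---]         Disabled rules:        [---]

  2811668 - ETPRO TROJAN Pirpi Variant CnC Beacon (trojan.rules)
"""

# Constructed local ruleset: 2029730/2029731 present, 2811668 (disabled upstream) still
# active, 2812068 already commented out. A leading '#' marks a locally disabled rule.
LOCAL_RULES = """\
alert ip any any -> any any (msg:"placeholder"; sid:2029730; rev:1;)
alert ip any any -> any any (msg:"placeholder"; sid:2029731; rev:1;)
alert ip any any -> any any (msg:"placeholder"; sid:2811668; rev:3;)
# alert ip any any -> any any (msg:"placeholder"; sid:2812068; rev:2;)
"""

BANNER_RE = re.compile(r"^\[\S{3}\]\s+(.+?):?\s+\[\S{3}\]$")          # [+++] Added rules: [+++]
ENTRY_RE = re.compile(r"^\s*(\d{7,})\s+-\s+(.*)$")                     # "  2029730 - ET ..."
MSG_RE = re.compile(r"^(ETPRO|ET)\s+([A-Z_]+)\s+(.*?)\s*\((\w+\.rules)\)$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def parse_summary(text):
    """Return one dict per entry: sid, section, tier (Open/Pro/None), ruleset, category, msg, file."""
    entries, section, tier, pending = [], None, None, None

    def flush():
        nonlocal pending
        if pending is None:
            return
        sid, chunks = pending
        joined = " ".join(chunks)                 # re-join a wrapped entry
        m = MSG_RE.match(joined)
        if not m:                                 # fail loudly rather than drop a SID
            raise ValueError(f"unparsed entry {sid}: {joined!r}")
        ruleset, category, msg, rules_file = m.groups()
        entries.append({"sid": sid, "section": section, "tier": tier, "ruleset": ruleset,
                        "category": category, "msg": msg, "file": rules_file})
        pending = None

    for line in text.splitlines():
        stripped = line.strip()
        banner = BANNER_RE.match(stripped)
        if banner:
            flush(); section, tier = banner.group(1), None
        elif stripped in ("Open:", "Pro:"):
            flush(); tier = stripped[:-1]
        elif (entry := ENTRY_RE.match(line)):
            flush(); pending = (int(entry.group(1)), [entry.group(2).strip()])
        elif stripped and pending is not None:
            pending[1].append(stripped)           # continuation line of the previous entry
        else:
            flush()                               # blank line or prose between sections
    flush()
    return entries


def active_sids(rules_text):
    """SIDs of rules enabled locally; commented-out lines count as disabled."""
    sids = set()
    for line in rules_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = SID_RE.search(line)
        if m:
            sids.add(int(m.group(1)))
    return sids


def reconcile(entries, rules_text):
    """Local follow-ups implied by the summary (Pro SIDs are skipped for 'add')."""
    local = active_sids(rules_text)
    return {
        "add": sorted(e["sid"] for e in entries if e["section"] == "Added rules"
                      and e["ruleset"] == "ET" and e["sid"] not in local),
        "disable": sorted(e["sid"] for e in entries
                          if e["section"].startswith("Disabled") and e["sid"] in local),
        "refresh": sorted(e["sid"] for e in entries
                          if e["section"].startswith("Modified") and e["sid"] in local),
    }


if __name__ == "__main__":
    print(reconcile(parse_summary(SUMMARY), LOCAL_RULES))
```

To use it against real data, read the full mailing-list text and the merged local .rules file in place of the two embedded strings. Treating a leading '#' as "disabled" matches how disabled rules appear in a merged suricata.rules file, so the "disable" list is exactly the set of SIDs you still need to act on.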