[Emerging-updates] Daily Ruleset Update Summary 2020/03/26

Brandon Murphy bmurphy at emergingthreats.net
Thu Mar 26 14:22:17 HDT 2020


[***]            Summary:            [***]

8 new Open, 23 new Pro (8 + 15). TROJAN Cobalt Strike Malleable Profiles,
W32/Codiby.oow, LuciferHTTP Botnet, Various Phishing.

Suricata 2/3 Support from Emerging Threats will become End-Of-Life on
April 15th, 2020.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html


[+++]          Added rules:          [+++]

Open:

  2029740 - ET TROJAN Cobalt Strike Malleable C2 (Havex APT) (trojan.rules)
  2029741 - ET TROJAN Cobalt Strike Malleable C2 (Magnitude EK) (trojan.rules)
  2029742 - ET TROJAN Cobalt Strike Malleable C2 (Meterpreter) (trojan.rules)
  2029743 - ET TROJAN Cobalt Strike Malleable C2 (OneDrive) (trojan.rules)
  2029744 - ET TROJAN Cobalt Strike Malleable C2 (Adobe RTMP) (trojan.rules)
  2029745 - ET POLICY File Downloaded via ge.tt Filesharing Service (policy.rules)
  2029746 - ET POLICY File Uploaded to ge.tt Filesharing Service (policy.rules)
  2029747 - ET CURRENT_EVENTS Successful Airbnb COVID-19 Phish 2020-03-26 (current_events.rules)

Pro:

  2815658 - ETPRO MALWARE W32/Codiby.oow WebToolbar (malware.rules)
  2841719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-26 1) (trojan.rules)
  2841720 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-26 (current_events.rules)
  2841721 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-26 (current_events.rules)
  2841722 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-26 (current_events.rules)
  2841723 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-03-26 (current_events.rules)
  2841724 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-26 (current_events.rules)
  2841725 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-26 (current_events.rules)
  2841726 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish 2020-03-26 (current_events.rules)
  2841727 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-03-26 (current_events.rules)
  2841728 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-26 (current_events.rules)
  2841730 - ETPRO TROJAN MSIL/Agent.TNL Variant CnC Checkin (trojan.rules)
  2841731 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-03-26 (current_events.rules)
  2841732 - ETPRO TROJAN LuciferHTTP Botnet CnC - Uploading File (trojan.rules)
  2841733 - ETPRO TROJAN LuciferHTTP Botnet CnC - Uploading Screenshot (trojan.rules)


[///]     Modified active rules:     [///]

  2022127 - ET TROJAN MegalodonHTTP/LuciferHTTP Client Action (trojan.rules)
  2804182 - ETPRO TROJAN Win32/Kryptik.WPE DDoS Bot Checkin (trojan.rules)
  2804246 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt -- index.php SELECT (web_specific_apps.rules)
  2804247 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt -- index.php UNION SELECT (web_specific_apps.rules)
  2804248 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt -- index.php INSERT (web_specific_apps.rules)
  2804249 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt -- index.php DELETE (web_specific_apps.rules)
  2804250 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt -- index.php ASCII (web_specific_apps.rules)
  2804251 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt -- index.php UPDATE (web_specific_apps.rules)
  2804668 - ETPRO WEB_SPECIFIC_APPS CISCO CiscoWorks Directory Traversal (web_specific_apps.rules)
  2809367 - ETPRO TROJAN Rovnix Variant Checkin (trojan.rules)
  2809395 - ETPRO WEB_SPECIFIC_APPS Obsecure360 SQLi Attempt (web_specific_apps.rules)
  2809466 - ETPRO WEB_SPECIFIC_APPS Pandora FMS Authentication Bypass Attempt (web_specific_apps.rules)
  2809485 - ETPRO TROJAN Blitz CMS Community SQLi Request (trojan.rules)
  2809519 - ETPRO WEB_SPECIFIC_APPS WP PhotoGallery Plugin SQLi Attempt (web_specific_apps.rules)
  2809566 - ETPRO WEB_SPECIFIC_APPS ArticleFR CMS SQLi Attempt (web_specific_apps.rules)
  2810167 - ETPRO WEB_SPECIFIC_APPS Joomla ECommerce-WD Plugin SQLi Attempt (web_specific_apps.rules)
  2810276 - ETPRO TROJAN AZORult CnC Beacon M1 (trojan.rules)
  2810814 - ETPRO TROJAN Win32/Zlader.H Checkin (trojan.rules)
  2814888 - ETPRO TROJAN Banload.WRI Requesting Zip Archive (trojan.rules)
  2815614 - ETPRO TROJAN APT.T9000 Requesting Payload M1 (trojan.rules)
  2815647 - ETPRO MALWARE PUP.SimplyInstaller Checkin (malware.rules)
  2815835 - ETPRO TROJAN Derusbi Variant CnC Beacon (trojan.rules)
  2825293 - ETPRO TROJAN StoneDrill CnC Server Selection Request (trojan.rules)
  2825309 - ETPRO TROJAN Win32.Emdivi CnC Beacon (trojan.rules)
  2825460 - ETPRO MOBILE_MALWARE Android.Adware.Iadpush.C Checkin (mobile_malware.rules)
  2825577 - ETPRO TROJAN MSIL/Unk.DDoS Bot CnC Checkin (trojan.rules)
  2825675 - ETPRO TROJAN Win32/HappyDayzz Ransomware CnC Checkin (trojan.rules)
  2825679 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.k CnC Beacon (mobile_malware.rules)
  2825704 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT Checkin (mobile_malware.rules)
  2825766 - ETPRO TROJAN LokiBot Checkin M2 (trojan.rules)
  2827189 - ETPRO TROJAN MSIL/TeslaWare Ransomware Requesting Image (trojan.rules)
  2827241 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.jck Contact Exfil (mobile_malware.rules)
  2827242 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.jck CnC Beacon (mobile_malware.rules)
  2827291 - ETPRO MOBILE_MALWARE Android Unknown Trojan CnC Beacon (mobile_malware.rules)


[---]  Disabled and modified rules:  [---]

  2810169 - ETPRO TROJAN Win32/TrojanDownloader.Blocrypt Conn Check (trojan.rules)
  2810409 - ETPRO POLICY ge.tt file download (policy.rules)
  2812428 - ETPRO MOBILE_MALWARE Android-Trojan/Infostealer.da87 Checkin (mobile_malware.rules)
  2825698 - ETPRO TROJAN MSIL/Downloader Downloading NetwireRAT (trojan.rules)


[---]         Disabled rules:        [---]

  2803272 - ETPRO TROJAN W32/Koobface.hcy Checkin (trojan.rules)
  2805879 - ETPRO TROJAN W32/Koobface.hcy CnC response (trojan.rules)
  2809703 - ETPRO TROJAN INFOSTEALER.LIMITAIL Checkin (trojan.rules)
  2812528 - ETPRO TROJAN Win32/Misdat.A CnC Checkin (trojan.rules)
  2812540 - ETPRO TROJAN Win32/Setaclod.A Checkin (trojan.rules)
  2827264 - ETPRO TROJAN MSIL/CoinMiner.WS Variant CnC Checkin (trojan.rules)


[---]         Removed rules:         [---]

  2815658 - ETPRO TROJAN W32.Unknown Checkin (trojan.rules)