[Emerging-updates] Daily Ruleset Update Summary 2020/05/07

James Emery-Callcott jcallcott at emergingthreats.net
Thu May 7 13:48:59 HDT 2020


[***]            Summary:            [***]

  8 new Open, 28 new Pro (8 + 20).  Zebrocy, GRIFFON, Various Phish, Others.

  Thanks @travisbgreen.

  Please be aware that after the deprecation of our Suricata 2/3 support
(April 15th 2020), the path for downloading the last pushed production
Suricata 2/3 rulesets has changed.  Deprecated rulesets are available at
https://rules.emergingthreatspro.com/OINK/old for ETPro and
https://rules.emergingthreatspro.com/open/old/ for ETOpen.  All requests
for the Suricata 2/3 rulesets at their previous locations will now lead to
the Suricata 4.0 production rules for ETPro and the rule download
instructions for ETOpen.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030120 - ET EXPLOIT Attempted D-Link ShareCenter (DNS-320/325) RCE
(Inbound) (exploit.rules)
  2030121 - ET TROJAN D-Link ShareCenter (DNS-320/325) RCE (Outbound)
(trojan.rules)
  2030122 - ET TROJAN Zebrocy Screenshot Upload (trojan.rules)
  2030123 - ET TROJAN W32/Agent.XXZBEN Downloader Activity (trojan.rules)
  2030124 - ET TROJAN EVILNUM CnC Connectivity Check (trojan.rules)
  2030125 - ET TROJAN EVILNUM CnC Host Checkin (trojan.rules)
  2030126 - ET POLICY External IP Lookup (moanmyip .com) (policy.rules)
  2030127 - ET POLICY moanmyip .com DNS Lookup (policy.rules)

Pro:

  2842433 - ETPRO TROJAN Win32/Unk.Fuery.B!cl Activity (trojan.rules)
  2842434 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-05-07 1) (trojan.rules)
  2842435 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-05-07 (current_events.rules)
  2842436 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-05-07
(current_events.rules)
  2842437 - ETPRO CURRENT_EVENTS Successful VBV JP Phish 2020-05-07
(current_events.rules)
  2842438 - ETPRO CURRENT_EVENTS Successful VBV JP Phish 2020-05-07
(current_events.rules)
  2842439 - ETPRO CURRENT_EVENTS Successful Gov UK Vehicle Tax Phish
2020-05-07 (current_events.rules)
  2842440 - ETPRO CURRENT_EVENTS Successful Gov UK Vehicle Tax Phish
2020-05-07 (current_events.rules)
  2842441 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-05-07
(current_events.rules)
  2842442 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-05-07
(current_events.rules)
  2842443 - ETPRO TROJAN Win32/GRIFFON CnC Activity (trojan.rules)
  2842444 - ETPRO TROJAN SSL/TLS Certificate Observed (Griffon)
(trojan.rules)
  2842445 - ETPRO TROJAN SSL/TLS Certificate Observed (Unk.VBS Loader)
(trojan.rules)
  2842446 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-05-07
(current_events.rules)
  2842447 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-05-07
(current_events.rules)
  2842448 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Barclays UK
Phish) (current_events.rules)
  2842449 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2842450 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2842451 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2842452 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)

[///]     Modified active rules:     [///]

  2025922 - ET TROJAN Win32/Bisonal CnC Checkin (trojan.rules)
  2832296 - ETPRO TROJAN njRAT/Bladabindi/LimeRAT Variant CnC Checkin
(trojan.rules)

[---]         Removed rules:         [---]

  2842156 - ETPRO TROJAN Zebrocy Screenshot Upload (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team