List: emerging-sigs
Subject: [Emerging-Sigs] Daily Ruleset Update Summary 2020/03/30
From: Jack Mott <jmott () emergingthreats ! net>
Date: 2020-03-31 1:03:02
Message-ID: CAHHK96FhNMX5SOSAmrPXE=7zp3Ugt9pSh0Pn3ryd3wV6GNfFdw () mail ! gmail ! com
[***] Summary: [***]
15 new Open, 45 new Pro (15 + 30). Various Possible COVID-19 Based Phish/Scam, Telerik UI CVE-2019-18935, Android/Lightspy, Nanocore, Various User-Agents, VARIOUS PHISHING.
Suricata 2/3 Support from Emerging Threats will become End-Of-Life on April 15th, 2020.
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
[+++] Added rules: [+++]
Open:
2029751 - ET TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2029752 - ET USER_AGENTS Observed Suspicious UA (Http-connect) (user_agents.rules)
2029753 - ET HUNTING Suspicious GET Request with Possible COVID-19 URI M1 (hunting.rules)
2029754 - ET INFO Suspicious GET Request with Possible COVID-19 URI M2 (info.rules)
2029755 - ET INFO Suspicious POST Request with Possible COVID-19 URI M1 (info.rules)
2029756 - ET INFO Suspicious POST Request with Possible COVID-19 URI M2 (info.rules)
2029757 - ET CURRENT_EVENTS Possible Successful COVID-19 Related Phish M1 (current_events.rules)
2029758 - ET CURRENT_EVENTS Possible Successful COVID-19 Related Phish M2 (current_events.rules)
2029759 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2029760 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2029761 - ET EXPLOIT Possible Telerik UI CVE-2019-18935 File Upload Attempt M1 (exploit.rules)
2029762 - ET EXPLOIT Possible Telerik UI CVE-2019-18935 File Upload Attempt M2 (exploit.rules)
2029763 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2029764 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2029765 - ET MOBILE_MALWARE Android Lightspy Implant CnC (mobile_malware.rules)
Pro:
2841748 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Cerberus Checkin (mobile_malware.rules)
2841749 - ETPRO MOBILE_MALWARE Android/Triada.JH Checkin (mobile_malware.rules)
2841750 - ETPRO TROJAN Observed Malicious User-Agent (POWERDOOD) (trojan.rules)
2841751 - ETPRO TROJAN Win32/NixBot Checkin via IRC (trojan.rules)
2841752 - ETPRO TROJAN Possible MalDoc/Loader Retrieving dll (trojan.rules)
2841753 - ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) (trojan.rules)
2841754 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2841755 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-27 1) (trojan.rules)
2841756 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-27 2) (trojan.rules)
2841757 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-29 (current_events.rules)
2841758 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-03-29 (current_events.rules)
2841759 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-29 (current_events.rules)
2841760 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-29 (current_events.rules)
2841761 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-29 (current_events.rules)
2841762 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish 2020-03-29 (current_events.rules)
2841763 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-30 1) (trojan.rules)
2841764 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-30 2) (trojan.rules)
2841765 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-30 3) (trojan.rules)
2841766 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2020-03-30 (current_events.rules)
2841767 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish 2020-03-30 (current_events.rules)
2841768 - ETPRO CURRENT_EVENTS Successful Generic Webmail Settings Phish 2020-03-30 (current_events.rules)
2841769 - ETPRO CURRENT_EVENTS Successful Generic TR Bank Phish 2020-03-30 (current_events.rules)
2841770 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-03-30 (current_events.rules)
2841771 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-30 (current_events.rules)
2841772 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-30 (current_events.rules)
2841773 - ETPRO CURRENT_EVENTS Successful Rakuten Phish 2020-03-30 (current_events.rules)
2841774 - ETPRO TROJAN W32/Injector.jwcqy CnC Activity M1 (trojan.rules)
2841775 - ETPRO TROJAN W32/Injector.jwcqy CnC Activity M2 (trojan.rules)
2841776 - ETPRO CURRENT_EVENTS Successful Canada Tax Return Phish 2020-03-30 (current_events.rules)
2841777 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-30 (current_events.rules)
[///] Modified active rules: [///]
2804834 - ETPRO MALWARE Installmate Installer Checkin (malware.rules)
2805068 - ETPRO TROJAN Backdoor.Win32.Poison Checkin (trojan.rules)
2806286 - ETPRO MALWARE Spyware/Win32.KeyMatch Checkin (malware.rules)
2806685 - ETPRO TROJAN Netdevil.1_5 reporting via ICQ WWW script (trojan.rules)
2806873 - ETPRO TROJAN Rogue.Win32/FakeRean Checkin 3 (trojan.rules)
2808251 - ETPRO TROJAN Win32/Spy.Banker.AAYY CnC (OUTBOUND) (trojan.rules)
2809086 - ETPRO WEB_SPECIFIC_APPS CreativeContact Plugin Arbitrary File Upload (web_specific_apps.rules)
2809167 - ETPRO TROJAN Gozi Downloader Checkin (trojan.rules)
2809240 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.IS Checkin (mobile_malware.rules)
2809269 - ETPRO TROJAN Rovnix CnC Beacon (trojan.rules)
2827296 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.GI CnC Beacon (mobile_malware.rules)
2827378 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin (mobile_malware.rules)
2827379 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin 2 (mobile_malware.rules)
2840472 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2020-01-16 (current_events.rules)
_______________________________________________
Emerging-sigs mailing list
Emerging-sigs@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net