List: emerging-sigs
Subject: [Emerging-Sigs] Subject: Daily Ruleset Update Summary 2020/06/15
From: Brandon Murphy <bmurphy () emergingthreats ! net>
Date: 2020-06-15 22:22:07
Message-ID: CAGK-Uv+_=1GHG5vuO64du5WSdUzbaHYe8sFDU-VQk3UNqrdKqA () mail ! gmail ! com
[***] Summary: [***]
9 new OPEN, 35 new PRO (9 + 26). KarenLogger, Get2 Cert, VMware Spring
Cloud Directory Traversal and Various Phishing.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030334 - ET TROJAN Request for Malicious .dat File (trojan.rules)
2030335 - ET EXPLOIT Possible D-Link Command Injection Attempt Inbound (CVE-2020-13782) (exploit.rules)
2030336 - ET EXPLOIT VMware Spring Cloud Directory Traversal (CVE-2020-5405) (exploit.rules)
2030337 - ET EXPLOIT VMware Spring Cloud Directory Traversal (CVE-2020-5410) (exploit.rules)
2030338 - ET EXPLOIT Centreon 20.04 Authenticated RCE (CVE-2020-12688) (exploit.rules)
2030339 - ET DOS CallStranger - Attempted UPnP Reflected Amplified TCP with Multiple Callbacks (CVE-2020-12695) (dos.rules)
2030340 - ET INFO GnuTLS Cryptographic Flaw Observed (CVE-2020-13777) (info.rules)
2030341 - ET TROJAN Observed Koadic Header Structure (trojan.rules)
2030342 - ET MOBILE_MALWARE ActionSpy CnC (POST) (mobile_malware.rules)
Pro:
2843019 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2843020 - ETPRO CURRENT_EVENTS Successful Credit Agricole (FR) Phish 2020-06-15 (current_events.rules)
2843021 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-06-15 (current_events.rules)
2843022 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-06-15 (current_events.rules)
2843023 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-06-15 (current_events.rules)
2843024 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-06-15 (current_events.rules)
2843025 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-06-15 (current_events.rules)
2843026 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-13 1) (trojan.rules)
2843027 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-13 2) (trojan.rules)
2843028 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-06-15 (current_events.rules)
2843029 - ETPRO TROJAN KarenLogger CnC Host Checkin (trojan.rules)
2843030 - ETPRO TROJAN KarenLogger CnC Sending Screenshot (trojan.rules)
2843031 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-06-15 (current_events.rules)
2843032 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-06-15 (current_events.rules)
2843036 - ETPRO TROJAN StressCity Hacking Tool CnC Activity (trojan.rules)
2843037 - ETPRO TROJAN Win32/Remcos RAT Checkin 460 (trojan.rules)
2843038 - ETPRO TROJAN Win32/Remcos RAT Checkin 461 (trojan.rules)
2843039 - ETPRO TROJAN Win32/Remcos RAT Checkin 462 (trojan.rules)
2843040 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2020-06-15 (current_events.rules)
2843041 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-06-15 (current_events.rules)
2843042 - ETPRO CURRENT_EVENTS Successful Facebook Phish (VN) 2020-06-14 (current_events.rules)
2843043 - ETPRO CURRENT_EVENTS Successful Amazon Phish (DE) 2020-06-14 (current_events.rules)
2843044 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-06-14 (current_events.rules)
[///] Modified active rules: [///]
2028990 - ET TROJAN ELF/Mirai Variant UA Outbound (Ouija_x.86) (trojan.rules)
2029060 - ET TROJAN Win32/Emotet CnC Activity (POST) M6 (trojan.rules)
2839469 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (Ouija_x.86) (trojan.rules)
2842713 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish 2020-05-26 (current_events.rules)
_______________________________________________
Emerging-sigs mailing list
Emerging-sigs@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net