[***]            Summary:            [***]

24 new Open, 49 new Pro (24 + 25).  AZORult, MoleRAT, Remcos, Various Phish, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029426 - ET TROJAN DNS Query to MINEBRIDGE CnC Domain (123faster .top) (trojan.rules)
2029427 - ET TROJAN DNS Query to MINEBRIDGE CnC Domain (conversia91 .top) (trojan.rules)
2029428 - ET TROJAN DNS Query to MINEBRIDGE CnC Domain (fatoftheland .top) (trojan.rules)
2029429 - ET TROJAN DNS Query to MINEBRIDGE CnC Domain (creatorz123 .top) (trojan.rules)
2029430 - ET TROJAN DNS Query to MINEBRIDGE CnC Domain (compilator333 .top) (trojan.rules)
2029431 - ET TROJAN MoleRAT/Pierogi Backdoor Activity (trojan.rules)
2029432 - ET TROJAN MoleRAT/Pierogi CnC Response (Command) (trojan.rules)
2029433 - ET TROJAN MoleRAT/Pierogi CnC Response (Download) (trojan.rules)
2029434 - ET TROJAN MoleRAT/Pierogi CnC Response (Screenshot) (trojan.rules)
2029435 - ET TROJAN MoleRAT/Pierogi CnC Activity (Upload) (trojan.rules)
2029436 - ET TROJAN Win32/AZORult V3.2 Client Checkin M4 (trojan.rules)
2029437 - ET TROJAN Win32/AZORult V3.2 Client Checkin M5 (trojan.rules)
2029438 - ET TROJAN Win32/AZORult V3.2 Client Checkin M6 (trojan.rules)
2029439 - ET TROJAN Win32/AZORult V3.3 Client Checkin M4 (trojan.rules)
2029440 - ET TROJAN Win32/AZORult V3.3 Client Checkin M5 (trojan.rules)
2029441 - ET TROJAN Win32/AZORult V3.3 Client Checkin M6 (trojan.rules)
2029442 - ET TROJAN Win32/AZORult V3.2 Client Checkin M7 (trojan.rules)
2029443 - ET TROJAN Win32/AZORult V3.2 Client Checkin M8 (trojan.rules)
2029444 - ET TROJAN Win32/AZORult V3.2 Client Checkin M9 (trojan.rules)
2029445 - ET TROJAN Win32/AZORult V3.3 Client Checkin M7 (trojan.rules)
2029446 - ET TROJAN Win32/AZORult V3.3 Client Checkin M8 (trojan.rules)
2029447 - ET TROJAN Win32/AZORult V3.3 Client Checkin M9 (trojan.rules)
2029448 - ET TROJAN POWERTON CnC Domain in DNS Lookup (trojan.rules)
2029449 - ET TROJAN Observed Malicious SSL Cert (FIN7/GRIFFON CnC) (trojan.rules)

Pro:

2839487 - ETPRO HUNTING Observed Office Doc Download From .msi Request (hunting.rules)
2841019 - ETPRO TROJAN ELF/Unk.Siggen Request for Malicious bash Script (trojan.rules)
2841020 - ETPRO TROJAN Observed Malicious SSL Cert (Get2) (trojan.rules)
2841021 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-02-13) (trojan.rules)
2841022 - ETPRO TROJAN ELF/Mirai Dropper Style DNS Query CnC Domain (trojan.rules)
2841023 - ETPRO TROJAN Request for Malicious Packed EXE (trojan.rules)
2841027 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 1) (trojan.rules)
2841028 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 2) (trojan.rules)
2841029 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-02-13 (current_events.rules)
2841030 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-02-13 (current_events.rules)
2841031 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-02-13 (current_events.rules)
2841032 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish 2020-02-13 (current_events.rules)
2841033 - ETPRO CURRENT_EVENTS Successful Telekom/Tmobile Phish 2020-02-13 (current_events.rules)
2841034 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-13 (current_events.rules)
2841035 - ETPRO TROJAN Win32/Detplock CnC Activity (trojan.rules)
2841036 - ETPRO TROJAN Win32/Remcos RAT Checkin 335 (trojan.rules)
2841037 - ETPRO TROJAN Win32/Remcos RAT Checkin 336 (trojan.rules)
2841038 - ETPRO TROJAN Win32/Remcos RAT Checkin 337 (trojan.rules)
2841039 - ETPRO TROJAN Win32/Remcos RAT Checkin 338 (trojan.rules)
2841040 - ETPRO TROJAN Win32/Remcos RAT Checkin 339 (trojan.rules)
2841041 - ETPRO TROJAN Win32/Remcos RAT Checkin 340 (trojan.rules)
2841042 - ETPRO TROJAN Win32/Remcos RAT Checkin 341 (trojan.rules)
2841043 - ETPRO TROJAN Win32/Remcos RAT Checkin 342 (trojan.rules)
2841044 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2841045 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2010217 - ET TROJAN DownloaderExchanger/Cbeplay Variant Checkin (trojan.rules)
2022990 - ET CURRENT_EVENTS Evil Redirect Leading to EK Jul 28 2016 (current_events.rules)
2025001 - ET CURRENT_EVENTS Possible Successful Websocket Credential Phish Sep 15 2017 (current_events.rules)
2029022 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029034 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029338 - ET CURRENT_EVENTS Successful Generic Phish 2020-01-29 (set) (current_events.rules)
2800850 - ETPRO WEB_SERVER Microsoft ASP.NET PKCS Padding Information Disclosure via 500 normal oracle response (web_server.rules)
2800851 - ETPRO WEB_SERVER Microsoft ASP.NET PKCS Padding Information Disclosure via 500 abnormal oracle response (web_server.rules)
2805967 - ETPRO TROJAN Trojan.Larhife.A reporting via ICQ WWW script (trojan.rules)
2808718 - ETPRO TROJAN Backdoor.Win32/Turla.A Checkin (trojan.rules)
2808719 - ETPRO TROJAN Win32.Virut.ua Dropping Files (trojan.rules)
2808958 - ETPRO TROJAN Backdoor.Cakwerd Dropping Files (trojan.rules)
2811966 - ETPRO TROJAN Win32/Zlader.J Checkin (trojan.rules)
2811970 - ETPRO MALWARE Adware.Gigaclicks.3 Checkin (malware.rules)
2811984 - ETPRO TROJAN Win32/Plugx.L Variant Checkin (trojan.rules)
2812015 - ETPRO TROJAN Python/FBook.B CnC Beacon 2 (trojan.rules)
2812414 - ETPRO TROJAN Win32.Diztakun.zsg Infostealer M1 (trojan.rules)
2816768 - ETPRO TROJAN Possible Dridex Executable Download Request (set) (trojan.rules)
2816788 - ETPRO TROJAN Ransomware.Hidden-Tear Variant CnC Checkin (trojan.rules)
2816810 - ETPRO TROJAN Godzilla Loader Set Cookie from Server (trojan.rules)
2819826 - ETPRO TROJAN MSIL/BrLock Screenlocker Activity (trojan.rules)
2819842 - ETPRO TROJAN Possible APT Win32/Chinema HTTP CnC Beacon 1 (trojan.rules)
2819858 - ETPRO TROJAN OfficeDownloader Requesting Payload (trojan.rules)
2819955 - ETPRO MOBILE_MALWARE PUP Android/NagaProtect.A Checkin (mobile_malware.rules)
2819959 - ETPRO TROJAN Vawtrak Dropper Checkin (trojan.rules)
2820008 - ETPRO TROJAN Emissary CnC Beacon Response 2 (trojan.rules)
2820023 - ETPRO TROJAN W32/Infy Config Download (trojan.rules)
2820025 - ETPRO MALWARE Kuping Config Download (malware.rules)
2820035 - ETPRO MALWARE Win32.Adware.FlyStudio.O Checkin (malware.rules)
2820681 - ETPRO TROJAN W32/XPCSpyPro/RemoteManipulator RAT Checkin (trojan.rules)
2820775 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Jun 21 2016 T1 (current_events.rules)
2820803 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jun 22 (current_events.rules)
2821475 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.l Checkin (mobile_malware.rules)
2821476 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.l Checkin 2 (mobile_malware.rules)
2821753 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Aug 16 2016 (current_events.rules)
2823488 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov 28 2016 (current_events.rules)
2823577 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish M1 Dec 02 2016 (current_events.rules)
2823578 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish M2 Dec 02 2016 (current_events.rules)
2824472 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Jan 17 2017 (current_events.rules)
2826551 - ETPRO CURRENT_EVENTS Successful Banking Phish M1 May 31 2017 (current_events.rules)
2829738 - ETPRO MOBILE_MALWARE Android/Coinminer.V Checkin (mobile_malware.rules)
2829823 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.DroidSpy.a Checkin (mobile_malware.rules)
2829906 - ETPRO TROJAN Win32/Onliner Spam Bot Requesting Additional Modules (trojan.rules)
2830520 - ETPRO TROJAN MSIL/TBR Screenshot Upload (trojan.rules)
2830685 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ZooPark CnC Beacon 2 (mobile_malware.rules)
2838139 - ETPRO TROJAN Unusual Header Contents - Likely Downloader (trojan.rules)
2838303 - ETPRO EXPLOIT Cisco UCS Director - Attempted Authenticated Command Injection (CVE-2019-1936) (exploit.rules)
2838342 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-09-06 (current_events.rules)
2839211 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-04 (current_events.rules)
2839649 - ETPRO TROJAN Win32/Chapak Downloader Activity (trojan.rules)

[---]  Disabled and modified rules:  [---]

2022904 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jun 15 2016 (current_events.rules)
2810899 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK/Malware (current_events.rules)
2819880 - ETPRO CURRENT_EVENTS Nuclear EK Flash Version IE PostBack M1 Apr 20 2016 (current_events.rules)
2819881 - ETPRO CURRENT_EVENTS Possible Nuclear EK IE PostBack M1 Apr 20 2016(fb set) (current_events.rules)
2819882 - ETPRO CURRENT_EVENTS Possible Nuclear EK IE PostBack Response M1 Apr 20 2016 (current_events.rules)
2820404 - ETPRO CURRENT_EVENTS Possible KaiXin EK Common Flash Exploit URI Constructn May 31 2016 (current_events.rules)
2820776 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Jun 21 2016 T2 (current_events.rules)
2820975 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Jul 05 2016 T1 (current_events.rules)
2821342 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Jul 25 2016 T1 (current_events.rules)
2821385 - ETPRO WEB_SPECIFIC_APPS Centreon 2.5.3 Web Useralias RCE (web_specific_apps.rules)
2821389 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Aug 1 2016 T1 (current_events.rules)
2821641 - ETPRO TROJAN Win32.Shakti HTTP Pattern (trojan.rules)
2821644 - ETPRO TROJAN Win32.Shakti Uploading Files (trojan.rules)
2826553 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 May 31 2017 (current_events.rules)

[---]         Disabled rules:        [---]

2800389 - ETPRO MALWARE Trojan Downloader Exchanger.Gen2 (malware.rules)
2808734 - ETPRO MALWARE PUA.DNWRandomHack Checkin (malware.rules)
2810713 - ETPRO TROJAN Bedep CnC Beacon Response (trojan.rules)
2811867 - ETPRO TROJAN Win32/Unknown Checkin (trojan.rules)
2811973 - ETPRO TROJAN Win32/Korplug.FO Checkin (trojan.rules)
2821774 - ETPRO TROJAN Alma Locker CnC Beacon (trojan.rules)

[---]         Removed rules:         [---]

2839362 - ETPRO HUNTING Inbound Doc Containing WScript Shell (hunting.rules)
2839363 - ETPRO HUNTING Inbound Doc Containing WScript Network (hunting.rules)
2839365 - ETPRO HUNTING Inbound Doc Containing OS Shutdown Functionality (hunting.rules)
