[***]            Summary:            [***]

 8 new Open, 28 new Pro (8 + 20). Kimsuky, Polaris Botnet, Magniber
Ransomware, Magnitude EK JSE, and VARIOUS PHISHING

 Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029576 - ET TROJAN Kimsuky Related Host Data Exfil (trojan.rules)
  2029577 - ET SCAN Polaris Botnet User-Agent (Inbound) (scan.rules)
  2029578 - ET TROJAN Polaris Botnet User-Agent (Outbound) (trojan.rules)
  2029579 - ET TROJAN Magniber Ransomware Retrieving Instructions (trojan.rules)
  2029580 - ET TROJAN Magniber Ransomware CnC Domain in DNS Lookup (trojan.rules)
  2029581 - ET TROJAN Magniber Ransomware CnC Domain in DNS Lookup (trojan.rules)
  2029582 - ET CURRENT_EVENTS Magnitude EK JSE (current_events.rules)
  2029583 - ET TROJAN Kimsuky Related Host Data Exfil (trojan.rules)

Pro:

  2841383 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
  2841384 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-05 1) (trojan.rules)
  2841385 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-05 2) (trojan.rules)
  2841386 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-05 (current_events.rules)
  2841387 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-05 (current_events.rules)
  2841388 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2020-03-05 (current_events.rules)
  2841389 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-05 (current_events.rules)
  2841390 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-05 (current_events.rules)
  2841391 - ETPRO CURRENT_EVENTS Successful First National Bank Phish 2020-03-05 (current_events.rules)
  2841392 - ETPRO CURRENT_EVENTS Successful Box Phish 2020-03-05 (current_events.rules)
  2841393 - ETPRO CURRENT_EVENTS Successful Ionos 1&1 Webhosting Phish 2020-03-05 (current_events.rules)
  2841394 - ETPRO CURRENT_EVENTS Successful Mweb Mailbox Phish 2020-03-05 (current_events.rules)
  2841395 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-05 (current_events.rules)
  2841396 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-05 (current_events.rules)
  2841397 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2020-03-05 (current_events.rules)
  2841398 - ETPRO CURRENT_EVENTS Successful Generic Banking Information Phish 2020-03-05 (current_events.rules)
  2841399 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-03-05 (current_events.rules)
  2841400 - ETPRO CURRENT_EVENTS Possible Successful Chase Phish 2020-03-05 (current_events.rules)
  2841401 - ETPRO MALWARE Win32/Adware.Hai33.A Installation Activity (malware.rules)
  2841402 - ETPRO TROJAN Win32/Agent.YSL CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

  2022295 - ET WEB_SERVER WeBaCoo Web Backdoor Detected (web_server.rules)
  2022357 - ET TROJAN Linux/Torte Downloading Binary (trojan.rules)
  2022466 - ET CURRENT_EVENTS Possible Keitaro TDS Redirect (current_events.rules)
  2022554 - ET EXPLOIT FireEye Detection Evasion %temp% attempt - Inbound (exploit.rules)
  2022657 - ET TROJAN IrcBot Downloading .old (trojan.rules)
  2022697 - ET WEB_CLIENT Fake AV Phone Scam Landing Apr 4 (web_client.rules)
  2022723 - ET MALWARE Win32/Adware.Adposhel.A Checkin 4 (malware.rules)
  2022894 - ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD IE Flash request to set non-standard filename (some overlap with 2021752) (current_events.rules)
  2022900 - ET TROJAN FOX-SRT ShimRat check-in (Data) (trojan.rules)
  2022902 - ET TROJAN FOX-SRT ShimRat check-in (Yuok) (trojan.rules)
  2022939 - ET CURRENT_EVENTS Possible Pony DLL Download (current_events.rules)
  2022940 - ET CURRENT_EVENTS Possible Malicous Macro DL EXE Jul 01 2016 (userdir dotted quad) (current_events.rules)
  2022941 - ET CURRENT_EVENTS Possible Malicous Macro DL EXE Jul 01 2016 (dll generic custom headers) (current_events.rules)
  2022988 - ET TROJAN Win32/Pottieq.A Check-in (trojan.rules)
  2023075 - ET EXPLOIT Equation Group EGREGIOUSBLUNDER Fortigate Exploit Attempt (exploit.rules)
  2023138 - ET CURRENT_EVENTS Suspicious Proxifier DL (non-browser observed in maldoc campaigns) (current_events.rules)
  2023203 - ET TROJAN Quant Loader Download Request (trojan.rules)
  2023583 - ET TROJAN Known Malicious Doc Downloading Payload Dec 06 2016 (trojan.rules)
  2024121 - ET EXPLOIT NETGEAR WNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174) (exploit.rules)
  2024171 - ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon (mobile_malware.rules)
  2024175 - ET TROJAN Red Leaves HTTP CnC Beacon (APT10 implant) (trojan.rules)
  2024183 - ET TROJAN Possible Turla Carbon Paper CnC Beacon (Fake User-Agent) (trojan.rules)
  2024223 - ET TROJAN MSIL/Runsome Ransomware CnC Checkin (trojan.rules)
  2024272 - ET TROJAN W32.Geodo/Emotet Checkin (trojan.rules)
  2024274 - ET TROJAN W32/Emotet CnC Beacon 1 (trojan.rules)
  2024275 - ET TROJAN W32/Emotet CnC Beacon 2 (trojan.rules)
  2024276 - ET TROJAN MSIL/OzazaLocker Ransomware CnC Checkin (trojan.rules)
  2825924 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FY CnC Beacon 2 (mobile_malware.rules)
  2825992 - ETPRO TROJAN MSIL/Possessor Keylogger Reporting External IP (trojan.rules)
  2825993 - ETPRO TROJAN MSIL/Possessor Keylogger HTTP Logging M2 (trojan.rules)
  2825998 - ETPRO TROJAN Malicious JS Download Request (trojan.rules)
  2826018 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fyec.bna CnC Beacon (mobile_malware.rules)
  2826026 - ETPRO TROJAN MSIL/Softmalaria Trojan CnC Checkin (trojan.rules)
  2826033 - ETPRO MOBILE_MALWARE Android/SMSreg.GB Checkin 3 (mobile_malware.rules)
  2826046 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.TX CnC Beacon (mobile_malware.rules)
  2826061 - ETPRO MOBILE_MALWARE Android.Trojan.Guerrilla.n Checkin (mobile_malware.rules)
  2826072 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.C Checkin 2 (mobile_malware.rules)
  2826098 - ETPRO MOBILE_MALWARE Android/Monitor.Drower.B SMS Exfil (mobile_malware.rules)
  2826099 - ETPRO TROJAN MSIL/Spy.Agent.AUE Checkin (trojan.rules)
  2826100 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A CnC Beacon (mobile_malware.rules)
  2826103 - ETPRO MOBILE_MALWARE Android.Adware.Dowgin.gQAM Checkin (mobile_malware.rules)
  2826112 - ETPRO MOBILE_MALWARE Android/SMForw.RL Contact Exfil (mobile_malware.rules)
  2826154 - ETPRO TROJAN Cobalt Strike Malleable C2 Webbug Profile (trojan.rules)
  2826176 - ETPRO MOBILE_MALWARE Android Unknown Trojan-Spy CnC Beacon (mobile_malware.rules)
  2826177 - ETPRO MOBILE_MALWARE Android Unknown Trojan-Spy Contact Exfil (mobile_malware.rules)
  2826178 - ETPRO TROJAN Cobalt Strike Malleable C2 Amazon Profile (trojan.rules)
  2826183 - ETPRO TROJAN APT.ChChes CnC Beacon 3 (trojan.rules)
  2826203 - ETPRO TROJAN Trojan/AutoIT RMS Dropper Checkin (trojan.rules)
  2826205 - ETPRO TROJAN Possible Linux.Shishiga HTTP Fake 404 Response (trojan.rules)

[---]         Disabled rules:        [---]

  2024270 - ET TROJAN Kazuar CnC Beacon (trojan.rules)