[***] Summary: [***]
6 new OPEN, 34 new PRO (6 + 28). FinSpy, Win32/Korplug, and VARIOUS Phishing
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030909 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2030910 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2030911 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised Server (web_server.rules)
2030912 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised Server (web_client.rules)
2030913 - ET TROJAN FinSpy Related WinRAR Activity (trojan.rules)
2030914 - ET TROJAN FinSpy Related Flash Installer Activity (trojan.rules)
Pro:
2844651 - ETPRO TROJAN Win32.Alien.gen CnC Checkin (trojan.rules)
2844652 - ETPRO TROJAN Win32/Korplug Init CnC Activity (trojan.rules)
2844653 - ETPRO TROJAN Win32/Korplug CnC Checkin (trojan.rules)
2844654 - ETPRO TROJAN Win32/Korplug CnC Keep-Alive (Outbound) (trojan.rules)
2844655 - ETPRO TROJAN Win32/Korplug CnC Keep-Alive (Inbound) (trojan.rules)
2844656 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-28 (current_events.rules)
2844657 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-09-28 (current_events.rules)
2844658 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-28 (current_events.rules)
2844659 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-28 (current_events.rules)
2844660 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-28 (current_events.rules)
2844661 - ETPRO CURRENT_EVENTS Successful Ht-test.ru Hosted Generic Phish 2020-09-28 (current_events.rules)
2844662 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-26 1) (trojan.rules)
2844663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-26 2) (trojan.rules)
2844664 - ETPRO CURRENT_EVENTS Successful Yapikredi Phish 2020-09-28 (current_events.rules)
2844665 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2020-09-28 (current_events.rules)
2844666 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2020-09-28 (current_events.rules)
2844667 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-09-28 (current_events.rules)
2844668 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2020-09-28 (current_events.rules)
2844669 - ETPRO CURRENT_EVENTS Possible Generic Phishing Redirect (current_events.rules)
2844670 - ETPRO TROJAN Observed Malicious SSL Cert (Raccoon Stealer) (trojan.rules)
2844671 - ETPRO TROJAN Win32/Remcos RAT Checkin 545 (trojan.rules)
2844672 - ETPRO TROJAN Malicious SSL Certificate detected (AZORult CnC) (trojan.rules)
2844673 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844674 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844675 - ETPRO TROJAN Malicious SSL Certificate detected (AZORult CnC) (trojan.rules)
2844676 - ETPRO TROJAN Win32/Remcos RAT Checkin 546 (trojan.rules)
2844677 - ETPRO TROJAN Win32/Remcos RAT Checkin 547 (trojan.rules)
2844678 - ETPRO TROJAN Win32/Remcos RAT Checkin 548 (trojan.rules)
[///] Modified active rules: [///]
2016567 - ET TROJAN Win32/Urausy.C Checkin 2 (trojan.rules)
2019662 - ET TROJAN OSX/WireLurker CnC Beacon (trojan.rules)
2019668 - ET CURRENT_EVENTS Nuclear SilverLight URI Struct (noalert) (current_events.rules)
2019687 - ET TROJAN Win32/Roficor.A (Darkhotel) Checkin 1 (trojan.rules)
2019704 - ET TROJAN Emotet CnC Beacon (trojan.rules)
2019737 - ET POLICY IP Check wtfismyip.com (policy.rules)
2019801 - ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1599) (exploit.rules)
2019802 - ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1600) (exploit.rules)
2019803 - ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1601) (exploit.rules)
2019829 - ET TROJAN W32/Fin4.InfoStealer Uploading User Credentials CnC Beacon (trojan.rules)
2019838 - ET TROJAN HompesA Activity (trojan.rules)
2019840 - ET TROJAN Trojan/MSIL.bfsx Checkin (trojan.rules)
2019914 - ET POLICY HTTP Request to WebDAV CloudMe Service (policy.rules)
2019919 - ET TROJAN Cloud Atlas CnC Beacon (trojan.rules)
2019945 - ET TROJAN Trojan.Agent.AIXD Checkin (trojan.rules)
2019948 - ET TROJAN W32/Symmi.46846 CnC Beacon (trojan.rules)
2019957 - ET WEB_SERVER Generic PHP Remote File Include (web_server.rules)
2019966 - ET TROJAN Win32/Poweliks.A Checkin 2 (trojan.rules)
2019967 - ET CURRENT_EVENTS Evil Flash Redirector to RIG EK Dec 17 2014 (current_events.rules)
2802828 - ETPRO TROJAN Win32.Fibbit.ax Checkin 1 (trojan.rules)
2805831 - ETPRO MOBILE_MALWARE Android.Rabbhome / Backdoor.AndroidOS.Fjcon.a Checkin (mobile_malware.rules)
2807981 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Feejar.D Checkin (mobile_malware.rules)
2808161 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 9 (mobile_malware.rules)
2809135 - ETPRO POLICY Win32/InstallIQ.A Checkin 2 (policy.rules)
2809142 - ETPRO WEB_SERVER Microsoft Sharepoint XSS attempt (2014-4116) (web_server.rules)
2809171 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin 8 (mobile_malware.rules)
2809175 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Systush.a Checkin (mobile_malware.rules)
2809209 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.fd Checkin 2 (mobile_malware.rules)
2809212 - ETPRO TROJAN Win32/Kryptik.CQIR Checkin (trojan.rules)
2809222 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.b Checkin (mobile_malware.rules)
2809223 - ETPRO TROJAN Win32/TrojanDownloader.Autoit.NVF Checkin (trojan.rules)
2809225 - ETPRO TROJAN Win32/Garveep.E Checkin (trojan.rules)
2809251 - ETPRO TROJAN Win32/Notodar Checkin (trojan.rules)
2809261 - ETPRO WEB_SPECIFIC_APPS Robotstats SQLi (web_specific_apps.rules)
2809265 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Proreso.a Checkin (mobile_malware.rules)
2809270 - ETPRO TROJAN Win32/Jadtre.L Connectivity Check (trojan.rules)
2809286 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ap Checkin 2 (mobile_malware.rules)
2809287 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ap Checkin 3 (mobile_malware.rules)
2809290 - ETPRO WEB_SPECIFIC_APPS PBBoard CMS SQLi CVE-2014-9215 1 (web_specific_apps.rules)
2809291 - ETPRO WEB_SPECIFIC_APPS PBBoard CMS SQLi CVE-2014-9215 2 (web_specific_apps.rules)
2809292 - ETPRO WEB_SPECIFIC_APPS PBBoard CMS SQLi CVE-2014-9215 3 (web_specific_apps.rules)
2809296 - ETPRO WEB_SERVER Microsoft Outlook Web Access XSS attempt (2014-6325) (web_server.rules)
2809320 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ef Checkin (mobile_malware.rules)
2809321 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ef Checkin 2 (mobile_malware.rules)
2809326 - ETPRO TROJAN INFOSTEALER.COMPFOLDER sending stolen files (trojan.rules)
2809327 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Dingwe.a Checkin (mobile_malware.rules)
2809332 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.KB Checkin (mobile_malware.rules)
2809338 - ETPRO TROJAN Win32.Agobot Checkin (trojan.rules)
2809349 - ETPRO WEB_SPECIFIC_APPS Download Manager WP Plugin Arbitrary File Upload 2 (web_specific_apps.rules)
2809351 - ETPRO TROJAN Win32/Ratosto.A Checkin (trojan.rules)
2809371 - ETPRO TROJAN EXE/SCR disguised as compressed PDF set (trojan.rules)
2836246 - ETPRO TROJAN Win32/Raccoon Stealer POSTing Data (trojan.rules)
2843774 - ETPRO TROJAN Win32/Mekotio Downloader CnC Checkin (trojan.rules)
[---] Disabled and modified rules: [---]
2019661 - ET TROJAN OSX/WireLurker Checkin (trojan.rules)
2019664 - ET TROJAN iOS/WireLurker CnC Beacon (trojan.rules)
2019682 - ET WEB_CLIENT Operation Huyao Phishing Page Nov 07 2014 (web_client.rules)
2019688 - ET TROJAN Win32/Roficor.A (Darkhotel) Checkin 2 (trojan.rules)
2019710 - ET TROJAN VBS/Autorun.J Checkin (trojan.rules)
2019741 - ET TROJAN W32/Matsnu.Backdoor CnC Beacon (trojan.rules)
2019776 - ET TROJAN CoinVault POST M1 (trojan.rules)
2019828 - ET TROJAN Trojan/W32.KRBanker.60928.C Checkin (trojan.rules)
2019843 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2019849 - ET TROJAN Possible Sony Breach Wiper Malware Download (trojan.rules)
2019915 - ET TROJAN Cloud Atlas Request to WebDAV CloudMe (trojan.rules)
2019942 - ET TROJAN W32/TinyZBot Checkin (Operation Cleaver) (trojan.rules)
2019958 - ET MOBILE_MALWARE CoolReaper CnC Beacon 1 (mobile_malware.rules)
2019978 - ET TROJAN Cryptolocker Ransom Page (trojan.rules)
2805989 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fakengry.b Checkin 3 (mobile_malware.rules)
2807741 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fakengry.b Checkin 2 (mobile_malware.rules)
2808974 - ETPRO TROJAN Jaik Variant Checkin (trojan.rules)
2809133 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Seldor.d Checkin (mobile_malware.rules)
2809138 - ETPRO MOBILE_MALWARE AndroidOS/FakeMarket.A Checkin (mobile_malware.rules)
2809164 - ETPRO MOBILE_MALWARE AndroidOS/Aks.B Checkin (mobile_malware.rules)
2809173 - ETPRO MOBILE_MALWARE Android.Riskware.SmsSend.WUG Checkin (mobile_malware.rules)
2809190 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.MTK.f Checkin (mobile_malware.rules)
2809207 - ETPRO TROJAN Backdoor.W32/OnionDuke.A Checkin (trojan.rules)
2809213 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Galf.a Checkin (mobile_malware.rules)
2809215 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Binv.a Checkin (mobile_malware.rules)
2809216 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.FS Checkin (mobile_malware.rules)
2809221 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.SilTracker.a Checkin (mobile_malware.rules)
2809224 - ETPRO WEB_SPECIFIC_APPS Paid Memberships Pro 1.7.14.2 Path Traversal Attempt (web_specific_apps.rules)
2809234 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FakePrin.a Checkin (mobile_malware.rules)
2809245 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FakeDebugger Checkin (mobile_malware.rules)
2809268 - ETPRO TROJAN W32/PVZ-In Checkin (Operation Cleaver) (trojan.rules)
2809276 - ETPRO TROJAN W32/TinyZBot v1 Checkin (Operation Cleaver) (trojan.rules)
2809280 - ETPRO TROJAN Win32.Infostealer.Compfolder Checkin (trojan.rules)
2809319 - ETPRO MOBILE_MALWARE AndroidOS.Riskware.DroidCoupon Checkin (mobile_malware.rules)
2809342 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Feejar.A Checkin (mobile_malware.rules)
2809345 - ETPRO MOBILE_MALWARE Android/Agent.DE Checkin (mobile_malware.rules)
2809362 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.f Checkin (mobile_malware.rules)
2809368 - ETPRO TROJAN Dyre Keep-Alive POST (trojan.rules)
2809373 - ETPRO MOBILE_MALWARE Android/Agent.AK Checkin (mobile_malware.rules)