[Emerging-updates] Daily Ruleset Update Summary 2020/12/23

Jason Taylor jastaylor at emergingthreats.net
Wed Dec 23 14:14:40 HST 2020


[***]            Summary:            [***]

2 new OPEN, 22 new PRO (2 + 20). CobaltStrike, FormBook, AsyncRAT,
Remcos, Various Mobile, Various Phish.

Due to the holidays there will be no rule pushes on 2020-12-24 or 2020-12-25.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031449 - ET TROJAN FormBook CnC Checkin (GET) (trojan.rules)
  2031450 - ET TROJAN Worm.Win32.Balucaf.A Checkin (trojan.rules)
  2031451 - ET TROJAN Observed CobaltStrike/TEARDROP CnC Domain Domain in TLS SNI (mobilnweb .com) (trojan.rules)
  2031452 - ET TROJAN Observed CobaltStrike/TEARDROP CnC Domain Domain in DNS Query (trojan.rules)
  2031453 - ET TROJAN FormBook CnC Checkin (GET) (trojan.rules)

Pro:

  2846240 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 52 (mobile_malware.rules)
  2846241 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 53 (mobile_malware.rules)
  2846242 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 54 (mobile_malware.rules)
  2846243 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 55 (mobile_malware.rules)
  2846244 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 56 (mobile_malware.rules)
  2846245 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 57 (mobile_malware.rules)
  2846246 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846247 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846248 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-23 1) (trojan.rules)
  2846249 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-23 2) (trojan.rules)
  2846250 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-23 3) (trojan.rules)
  2846251 - ETPRO CURRENT_EVENTS Successful Hinet Webmail Phish 2020-12-23 (current_events.rules)
  2846252 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-12-23 (current_events.rules)
  2846253 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish 2020-12-23 (current_events.rules)
  2846254 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-12-23 (current_events.rules)
  2846255 - ETPRO TROJAN Observed Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
  2846256 - ETPRO TROJAN DCRat Initial Checkin Server Response M2 (trojan.rules)
  2846257 - ETPRO TROJAN Win32/Remcos RAT Checkin 634 (trojan.rules)
  2846258 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2846259 - ETPRO CURRENT_EVENTS Successful Bancorp Phish 2020-12-23 (current_events.rules)

[///]     Modified active rules:     [///]

  2031316 - ET TROJAN Suspected APT LuckyMouse BlueTraveller CnC (trojan.rules)
  2842317 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M9 (trojan.rules)

[---]  Disabled and modified rules:  [---]

  2012198 - ET TROJAN Possible Worm W32.Svich or Other Infection Request for setting.ini (trojan.rules)

[---]         Removed rules:         [---]

  2803740 - ETPRO TROJAN Worm.Win32.Balucaf.A Checkin (trojan.rules)

