[***]            Summary:            [***]

9 new Open, 10 new Pro (9 + 10). Cobalt Strike, Glupteba, njRAT variant, Win32/Lemony, MSIL/SpyGate.

Thanks: Travis Green (@travisbgreen), @jeFF0Falltrades

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028588 - ET TROJAN [TGI] Cobalt Strike Malleable C2 Request (O365 Profile) (trojan.rules)
2028589 - ET TROJAN [TGI] Cobalt Strike Malleable C2 Response (O365 Profile) M2 (trojan.rules)
2028590 - ET TROJAN [TGI] Cobalt Strike Malleable C2 Response (YouTube Profile) (trojan.rules)
2028591 - ET TROJAN [TGI] Cobalt Strike Malleable C2 Request (YouTube Profile) (trojan.rules)
2028592 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
2028593 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
2028594 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
2028595 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
2028596 - ET TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-09-17 1) (trojan.rules)

Pro:

2838483 - ETPRO TROJAN Win32/Unk.Wasp CnC Checkin (trojan.rules)
2838484 - ETPRO TROJAN Win32/CryptInject.BE!MTB Stealer CnC Checkin (trojan.rules)
2838485 - ETPRO TROJAN njRAT/Bladabindi Variant CnC Checkin (ll) (trojan.rules)
2838486 - ETPRO TROJAN njRAT/Bladabindi Variant CnC Activity (inf) (trojan.rules)
2838487 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2838488 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-17) (current_events.rules)
2838489 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-17 2) (current_events.rules)
2838490 - ETPRO TROJAN Win32/Lemony CnC Checkin (trojan.rules)
2838491 - ETPRO TROJAN MSIL/Agent.CED Execute Command Inbound (trojan.rules)
2838492 - ETPRO TROJAN MSIL/SpyGate CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

2022858 - ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign (current_events.rules)
2026097 - ET TROJAN Suspected Monero Miner CnC Channel TXT Lookup (trojan.rules)
2836612 - ETPRO TROJAN Throwback Related DNS Lookup (trojan.rules)
