Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/01/03

[***]            Summary:            [***]

1 new Open, 30 new Pro (1 + 29). Legion Loader, Nanobot.px, Cobalt Strike, and Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029223 - ET TROJAN Legion Loader Activity Observed (carlos_castaneda) (trojan.rules)

Pro:

2840230 - ETPRO MOBILE_MALWARE Android FinSpy Checkin (mobile_malware.rules)
2840231 - ETPRO MOBILE_MALWARE Android FinSpy Checkin M2 (mobile_malware.rules)
2840232 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Egat.d App List Exfil (mobile_malware.rules)
2840233 - ETPRO POLICY External Geo IP Lookup - ipcode .pw (policy.rules)
2840234 - ETPRO TROJAN ArtraLoader CnC Activity (trojan.rules)
2840235 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 1) (trojan.rules)
2840236 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 2) (trojan.rules)
2840237 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 3) (trojan.rules)
2840238 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 4) (trojan.rules)
2840239 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 5) (trojan.rules)
2840240 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-03 6) (trojan.rules)
2840241 - ETPRO TROJAN Possible Cobalt Strike CnC via DNS TXT (trojan.rules)
2840242 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03 (current_events.rules)
2840243 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03 (current_events.rules)
2840244 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03 (current_events.rules)
2840245 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2020-01-03 (current_events.rules)
2840246 - ETPRO CURRENT_EVENTS Successful Vakifbank Phish 2020-01-03 (current_events.rules)
2840247 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-03 (current_events.rules)
2840248 - ETPRO CURRENT_EVENTS Successful Generic Multibank Phish 2020-01-03 (current_events.rules)
2840249 - ETPRO CURRENT_EVENTS Successful Associated Bank Phish 2020-01-03 (current_events.rules)
2840250 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-03 (current_events.rules)
2840251 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-03 (current_events.rules)
2840252 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-03 (current_events.rules)
2840253 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-03 (current_events.rules)
2840254 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-01-03 (current_events.rules)
2840255 - ETPRO TROJAN Nanobot.px CnC Log Reporting (trojan.rules)
2840256 - ETPRO TROJAN MSIL/GenKryptik.DZXQ CnC Activity (trojan.rules)
2840257 - ETPRO TROJAN Win32/TrojanDownloader.Zurgop.AB Variant CnC Activity (trojan.rules)
2840258 - ETPRO TROJAN Win32/Alyak.F CnC Activity (trojan.rules)

Date:
Summary title:
1 new Open, 30 new Pro (1 + 29). Legion Loader, Nanobot.px, Cobalt Strike, and Various Phish.