[***]            Summary:            [***]

7 new OPEN, 30 new PRO (7 + 23). OceanLotus, AsyncRAT, GrowTopia, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2013208 - ET POLICY Mobile Device Posting Phone Number (policy.rules)
  2031472 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised Server (web_server.rules)
  2031473 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised Server (web_client.rules)
  2031474 - ET TROJAN APT32/OceanLotus CnC Domain in DNS Lookup (mykessef .com) (trojan.rules)
  2031475 - ET TROJAN APT32/OceanLotus CnC Domain in DNS Lookup (mihannevis .com) (trojan.rules)
  2031476 - ET TROJAN APT32/OceanLotus CnC Domain in DNS Lookup (idtpl .org) (trojan.rules)
  2031477 - ET TROJAN Win32/Ymacco.AA1C Activity (trojan.rules)

Pro:

  2846328 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846329 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846330 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846331 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846332 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846333 - ETPRO USER_AGENTS Observed UA (Shockwave Flash) (user_agents.rules)
  2846334 - ETPRO TROJAN Win32/Z-Builder Growtopia Stealer Exfil via Discord (trojan.rules)
  2846335 - ETPRO CURRENT_EVENTS Successful Hong Kong Post Phish 2021-01-04 (current_events.rules)
  2846336 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-01-04 (current_events.rules)
  2846337 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-01-04 (current_events.rules)
  2846338 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Update Phish 2021-01-04 (current_events.rules)
  2846339 - ETPRO CURRENT_EVENTS Successful Compromised Wordpress Hosted FR Phish 2021-01-04 (current_events.rules)
  2846340 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-04 (current_events.rules)
  2846341 - ETPRO CURRENT_EVENTS Successful MyEE Phish 2021-01-04 (current_events.rules)
  2846342 - ETPRO CURRENT_EVENTS Successful TD Ameritrade Phish 2021-01-04 (current_events.rules)
  2846343 - ETPRO CURRENT_EVENTS Successful Interbank Phish 2021-01-04 (current_events.rules)
  2846344 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-01-04 (current_events.rules)
  2846345 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress Phish 2021-01-04 (current_events.rules)
  2846346 - ETPRO TROJAN MSIL/Injector.PKW Variant CnC Activity (trojan.rules)
  2846347 - ETPRO TROJAN Win32/Doggo Loader CnC Activity (trojan.rules)
  2846348 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-01 1) (trojan.rules)
  2846349 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-01 2) (trojan.rules)
  2846350 - ETPRO CURRENT_EVENTS Successful Frost Bank Phish 2021-01-04 (current_events.rules)

[---]         Removed rules:         [---]

  2013208 - ET MOBILE_MALWARE Mobile Device Posting Phone Number (mobile_malware.rules)
