[***] Summary: [***]
5 new OPEN, 25 new PRO (5 + 20). ElectroRAT, Jupyter Stealer, Xenotix Keylogger, Various Phishing.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031478 - ET TROJAN ElectroRAT CnC Checkin (trojan.rules)
2031479 - ET TROJAN ElectroRAT Command from Server (Screenshot) (trojan.rules)
2031480 - ET TROJAN ElectroRAT Command from Server (Get folder content) (trojan.rules)
2031481 - ET TROJAN Jupyter Stealer Reporting System Information M2 (trojan.rules)
2031482 - ET TROJAN Malicious XSL file download (FTP) (trojan.rules)
Pro:
2846351 - ETPRO USER_AGENTS Observed UA (WebSocket++/) (user_agents.rules)
2846352 - ETPRO INFO Websockets Pong (keepalive) Response from Server (info.rules)
2846353 - ETPRO TROJAN Python/Backdoor.Xenotix.a Keylogger Exfil via SMTP (trojan.rules)
2846354 - ETPRO INFO Malformed User-Agent Containing Accept Header (info.rules)
2846355 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-05 1) (trojan.rules)
2846356 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-05 2) (trojan.rules)
2846357 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-05 3) (trojan.rules)
2846358 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-05 4) (trojan.rules)
2846359 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-05 5) (trojan.rules)
2846360 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-05 6) (trojan.rules)
2846361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-05 7) (trojan.rules)
2846362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-05 8) (trojan.rules)
2846363 - ETPRO CURRENT_EVENTS Successful Orange FR Phish 2021-01-05 (current_events.rules)
2846364 - ETPRO TROJAN MSIL/TrojanDropper.Agent.DMA Variant CnC Exfil (trojan.rules)
2846365 - ETPRO TROJAN MSIL/TrojanDropper.Agent.DMA Variant CnC Screenshot Exfil (trojan.rules)
2846366 - ETPRO TROJAN MSIL/DueDLLigence CnC Domain in DNS Query (trojan.rules)
2846367 - ETPRO TROJAN MSIL/DueDLLigence CnC Domain in SNI (trojan.rules)
2846368 - ETPRO TROJAN Win32/Remcos RAT Checkin 638 (trojan.rules)
2846369 - ETPRO CURRENT_EVENTS Successful Harvest Bank Phish 2021-01-05 (current_events.rules)
2846370 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-01-05 (current_events.rules)
[///] Modified active rules: [///]
2030309 - ET EXPLOIT Wireless IP Camera (P2) WIFICAM Remote Code Execution (exploit.rules)
2839919 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt (owbe .com in TLS SNI) (mobile_malware.rules)
2845589 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Credential Phish 2020-11-19 (current_events.rules)
2845655 - ETPRO TROJAN Jupyter Stealer Activity (POST) (trojan.rules)
[---] Disabled rules: [---]
2029931 - ET TROJAN 401TRG SMB Create AndX Request For Emotet Spreader (trojan.rules)
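These notices are the only per-day record of what changed in the ET feed, and the mailing-list copy is soft-wrapped, so a long entry's "(trojan.rules)" tail lands on its own line with no SID in front of it. The parser below is an added example, not Emerging Threats or Proofpoint code; it assumes only the plain-text layout visible above (the bracketed section headers, the Open:/Pro: sub-headers, "<sid> - <message> (<file>.rules)" entries, and SID-less continuation lines), turns a notice into structured changes, checks the headline counts against the Added section (on this notice, 25 new PRO is the 5 open rules plus the 20 pro-only ones), filters out ETPRO entries for an open-only deployment, and emits the upstream-disabled SIDs as suricata-update disable.conf lines. The embedded excerpt is constructed from entries on this page.

```python
"""Parse an Emerging Threats daily update notice into structured rule changes.

Added example, not Emerging Threats/Proofpoint code. It assumes only the
notice's plain-text layout: "[+++] Added rules: [+++]" headers, "Open:"/"Pro:"
sub-headers, "<sid> - <message> (<file>.rules)" entries, and long entries
soft-wrapped onto a following line that carries no SID.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the notice's wrapped layout (not the full message).
SAMPLE = """\
[***] Summary: [***]
3 new OPEN, 5 new PRO (3 + 2). ElectroRAT, Jupyter Stealer.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031478 - ET TROJAN ElectroRAT CnC Checkin (trojan.rules)
2031479 - ET TROJAN ElectroRAT Command from Server (Screenshot)
(trojan.rules)
2031482 - ET TROJAN Malicious XSL file download (FTP) (trojan.rules)
Pro:
2846352 - ETPRO INFO Websockets Pong (keepalive) Response from Server
(info.rules)
2846368 - ETPRO TROJAN Win32/Remcos RAT Checkin 638 (trojan.rules)
[///] Modified active rules: [///]
2845655 - ETPRO TROJAN Jupyter Stealer Activity (POST) (trojan.rules)
[---] Disabled rules: [---]
2029931 - ET TROJAN 401TRG SMB Create AndX Request For Emotet Spreader
(trojan.rules)
"""

HEADER_RE = re.compile(r"^\[([*+/-]{3})\]\s*(.+?):\s*\[\1\]\s*$")
ENTRY_RE = re.compile(r"^(\d{7})\s+-\s+(.*)$")
FILE_RE = re.compile(r"\s*\(([A-Za-z0-9_]+\.rules)\)\s*$")
SUMMARY_RE = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
ACTIONS = {"Summary": "summary", "Added rules": "added",
           "Modified active rules": "modified", "Disabled rules": "disabled"}


@dataclass
class RuleChange:
    sid: int
    action: str    # added | modified | disabled
    tier: str      # open | pro, taken from the ET / ETPRO message prefix
    message: str
    rulefile: str


def parse_notice(text):
    """Return (summary_line, [RuleChange, ...]) for one notice."""
    raw, action, summary = [], None, ""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            action = ACTIONS.get(m.group(2))   # unknown sections are skipped
            continue
        if action == "summary":
            if SUMMARY_RE.search(line):
                summary = line
            continue
        if action is None or line.rstrip(":") in ("Open", "Pro"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            raw.append([int(m.group(1)), action, m.group(2)])
        elif raw:
            raw[-1][2] += " " + line   # soft-wrapped continuation of the prior entry
    changes = []
    for sid, act, body in raw:
        fm = FILE_RE.search(body)
        msg = body[: fm.start()].strip() if fm else body.strip()
        tier = "pro" if msg.startswith("ETPRO ") else "open"
        changes.append(RuleChange(sid, act, tier, msg, fm.group(1) if fm else ""))
    return summary, changes


def check_summary(summary, changes):
    """Check the headline against the Added section. The notice reads
    'N new OPEN, M new PRO (N + K)': K pro-only rules, and M = N + K because
    a Pro subscriber receives the open rules as well."""
    m = SUMMARY_RE.search(summary)
    if not m:
        return False
    n_open, m_pro, n_open2, k_pro = map(int, m.groups())
    added = [c for c in changes if c.action == "added"]
    return (n_open == n_open2 == sum(c.tier == "open" for c in added)
            and k_pro == sum(c.tier == "pro" for c in added)
            and m_pro == n_open + k_pro)


def relevant_for(changes, subscription):
    """Changes that touch a deployment: an open-only feed never carries ETPRO rules."""
    return [c for c in changes if subscription == "pro" or c.tier == "open"]


def disable_conf_lines(changes):
    """SIDs upstream disabled, as bare-SID lines for a suricata-update
    disable.conf, so a local enable.conf does not keep a retired rule alive."""
    return [str(c.sid) for c in changes if c.action == "disabled"]
```

Run it over the saved mailing-list message instead of SAMPLE to get the day's SIDs; a failed check_summary is the quick sign that a wrapped line was mis-joined or the copy was truncated before the Modified/Disabled sections.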