[***]            Summary:            [***]

11 new OPEN, 24 new PRO (11 + 13). Devos Ransomware, IceRat, DTStealer, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031464 - ET TROJAN Win32/Ymacco.AA2F Checking (Multiple OS) (trojan.rules)
  2031465 - ET TROJAN Win32/Ymacco.AA2F Checking (Multiple OS) (trojan.rules)
  2031483 - ET CURRENT_EVENTS Apple Phishing Panel Accessed on Internal Compromised Server (current_events.rules)
  2031484 - ET CURRENT_EVENTS Apple Phishing Panel Accessed on External Compromised Server (current_events.rules)
  2031485 - ET TROJAN Possible IceRat CnC Acitivty (trojan.rules)
  2031486 - ET TROJAN IceRat Backdoor Checkin (trojan.rules)
  2031487 - ET TROJAN IceRat CnC Acitivty M2 (trojan.rules)
  2031488 - ET POLICY SSLv2 Used in Session (policy.rules)
  2031489 - ET POLICY SSLv3 Used in Session (policy.rules)
  2031490 - ET POLICY TLSv1.1 Used in Session (policy.rules)
  2031491 - ET POLICY TLSv1.0 Used in Session (policy.rules)

Pro:

  2846371 - ETPRO TROJAN Win32/Occamy.AA CnC Activity (trojan.rules)
  2846372 - ETPRO TROJAN Observed Malicious SSL Cert (BitRAT) (trojan.rules)
  2846373 - ETPRO TROJAN Win32/DTStealer V3.x CnC Exfil (trojan.rules)
  2846374 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-06 1) (trojan.rules)
  2846375 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-06 2) (trojan.rules)
  2846376 - ETPRO CURRENT_EVENTS Successful American Express Phish 2021-01-06 (current_events.rules)
  2846377 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-06 (current_events.rules)
  2846378 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-01-06 (current_events.rules)
  2846379 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-01-06 (current_events.rules)
  2846380 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2846381 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2846382 - ETPRO TROJAN Devos Ransomware CnC Activity (trojan.rules)
  2846383 - ETPRO TROJAN Win32/TrojanDownloader.VB.KWB CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

  2031233 - ET TROJAN Win32/Spy.Agent.QAQ Variant CnC Activity (trojan.rules)
  2838753 - ETPRO TROJAN Win32/Koadic/Octopus Backdoor CnC Checkin (trojan.rules)
  2840017 - ETPRO TROJAN Powershell.WC/Octopus Backdoor CnC Initial Checkin (trojan.rules)
  2840018 - ETPRO TROJAN Powershell.WC/Octopus Backdoor CnC - Heartbeat (trojan.rules)
  2840909 - ETPRO TROJAN Koadic/Octopus Backdoor Command Execution via CnC (trojan.rules)

[---]         Removed rules:         [---]

  2031464 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS) (policy.rules)
  2031465 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS) (policy.rules)
