Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/01/07

[***]            Summary:            [***]

2 new Open, 33 new Pro (2 + 31). AstroBot, Mermaid Ransomware, Parallax CnC Activity, APT33 PowerShell Implant, Various Suspicious Zipped Filename in Outbound POST Request, Various Coinminers and Various Phish.

tks: @malwrhunterteam

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029233 - ET TROJAN AstroBot CnC Activity (trojan.rules)
2029234 - ET TROJAN Mermaid Ransomware Variant CnC Activity M1 (trojan.rules)

Pro:

2840282 - ETPRO USER_AGENTS Observed Suspicious UA (getcmd) (user_agents.rules)
2840283 - ETPRO USER_AGENTS Observed Suspicious UA (Internet Explorer 8.0) (user_agents.rules)
2840284 - ETPRO MALWARE Win32/CNighPull Activity (malware.rules)
2840285 - ETPRO POLICY Observed PandaCoin User-Agent (policy.rules)
2840286 - ETPRO POLICY Observed PandaCoin P2P Activity (policy.rules)
2840287 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Filezilla/sitemanager.xml) (trojan.rules)
2840288 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Browsers.txt) (trojan.rules)
2840289 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Domains.txt) (trojan.rules)
2840290 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (screen.) (trojan.rules)
2840291 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (UserAgents.txt) (trojan.rules)
2840292 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 1) (trojan.rules)
2840293 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 2) (trojan.rules)
2840294 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 3) (trojan.rules)
2840295 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 4) (trojan.rules)
2840296 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 5) (trojan.rules)
2840297 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-06 6) (trojan.rules)
2840298 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2020-01-07 (current_events.rules)
2840299 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-07 (current_events.rules)
2840300 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-07 (current_events.rules)
2840301 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-07 (current_events.rules)
2840302 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-07 (current_events.rules)
2840303 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-07 (current_events.rules)
2840304 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-07 (current_events.rules)
2840305 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-07 (current_events.rules)
2840306 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-07 (current_events.rules)
2840307 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-07 (current_events.rules)
2840308 - ETPRO TROJAN Parallax CnC Activity M4 (set) (trojan.rules)
2840309 - ETPRO TROJAN Parallax CnC Activity M4 (trojan.rules)
2840311 - ETPRO TROJAN Suspected APT33 PowerShell Implant CnC Activity M2 (trojan.rules)
2840312 - ETPRO TROJAN Suspected APT33 PowerShell Implant CnC Activity M1 (trojan.rules)

Date:
Summary title:
2 new Open, 33 new Pro (2 + 31). AstroBot, Mermaid Ransomware, Parallax CnC Activity, APT33 PowerShell Implant, Various Suspicious Zipped Filename in Outbound POST Request, Various Coinminers and Various Phish.