[***] Summary: [***]
6 new Open, 26 new Pro (6 + 20). Rarog, Oski, Magician/M461c14n Ransomware, MuddyWater DNSClient, Remcos, Various Coinminers and Various Phish.
Thanks: @malwrhunterteam
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029235 - ET TROJAN Win32/Rarog Stealer CnC Checkin (trojan.rules)
2029236 - ET TROJAN Win32/Oski Stealer Data Exfil (trojan.rules)
2029237 - ET TROJAN Magician/M461c14n Ransomware CnC Checkin (trojan.rules)
2029238 - ET MALWARE Legion Loader Activity Observed (malware.rules)
2029239 - ET TROJAN DonotGroup Staging Domain Observed in DNS Query (trojan.rules)
2029240 - ET TROJAN Win32/Filecoder.NZK Variant (trojan.rules)
Pro:
2840313 - ETPRO TROJAN Observed DNS Query to MuddyWater DNSClient Domain (trojan.rules)
2840314 - ETPRO TROJAN Observed DNS Query to MuddyWater DNSClient Domain (trojan.rules)
2840315 - ETPRO POLICY Observed HTTP Request to *.pythonanywhere .com Domain (policy.rules)
2840316 - ETPRO USER_AGENTS Observed Suspicious UA (HttpSend) (user_agents.rules)
2840317 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-08 1) (trojan.rules)
2840318 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-08 2) (trojan.rules)
2840319 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-01-08 (current_events.rules)
2840320 - ETPRO CURRENT_EVENTS Successful AOL Phish 2020-01-08 (current_events.rules)
2840321 - ETPRO CURRENT_EVENTS Successful Agibank Phish 2020-01-08 (current_events.rules)
2840322 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-01-08 (current_events.rules)
2840323 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-01-08 (current_events.rules)
2840324 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-01-08 (current_events.rules)
2840325 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish 2020-01-08 (current_events.rules)
2840326 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-01-08 (current_events.rules)
2840327 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-08 (current_events.rules)
2840328 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
2840329 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2840330 - ETPRO TROJAN Win32/Agent.AAON Variant Checkin (trojan.rules)
2840331 - ETPRO TROJAN Win32/Agent.AAON Variant Downloading Stage 2 (trojan.rules)
2840332 - ETPRO TROJAN Win32/Remcos RAT Checkin 301 (trojan.rules)