[***]            Summary:            [***]

9 new Open, 44 new Pro (9 + 35). Ursnif SAIGON Variant, PS/PowDesk, Win32/Agent.UAF, ChikonStealer, Remcos, Various Coinminers and Various Phish.

tks: @401TRG, SentinelOne/Jason Reaves. TIIF.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029246 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC Domain (trojan.rules)
2029247 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC Domain (trojan.rules)
2029248 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC Domain (trojan.rules)
2029249 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC Domain (trojan.rules)
2029250 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC Domain (trojan.rules)
2029251 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC Domain (trojan.rules)
2029252 - ET TROJAN Observed DNS Query to Ursnif SAIGON Variant CnC Domain (trojan.rules)
2029253 - ET TROJAN [401TRG] PS/PowDesk Checkin (APT34) (trojan.rules)
2029254 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query (trojan.rules)

Pro:

2827129 - ETPRO MALWARE Win32/LightSee.D Variant Checkin (malware.rules)
2840358 - ETPRO TROJAN Win32/Agent.UAF Variant CnC M1 (trojan.rules)
2840359 - ETPRO TROJAN Win32/Agent.UAF Variant CnC M2 (trojan.rules)
2840360 - ETPRO TROJAN Win32/Agent.UAF Variant CnC M3 (trojan.rules)
2840361 - ETPRO MALWARE Win32/Agent.UAF Adware Activity (malware.rules)
2840362 - ETPRO TROJAN ChikonStealer CnC Data Exfil (trojan.rules)
2840363 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2020-01-10) (current_events.rules)
2840364 - ETPRO TROJAN Observed Malicious SSL Cert (Teamviewer Bot CnC) (trojan.rules)
2840365 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-01-10 (current_events.rules)
2840366 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-10 1) (trojan.rules)
2840367 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-10 2) (trojan.rules)
2840368 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-01-10 (current_events.rules)
2840369 - ETPRO CURRENT_EVENTS Successful Western Union Phish 2020-01-10 (current_events.rules)
2840370 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-10 (current_events.rules)
2840371 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-10 (current_events.rules)
2840372 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2020-01-10 (current_events.rules)
2840373 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish 2020-01-10 (current_events.rules)
2840374 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-01-10 (current_events.rules)
2840375 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2020-01-10 (current_events.rules)
2840376 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-10 (current_events.rules)
2840377 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2020-01-10 (current_events.rules)
2840378 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-10 (current_events.rules)
2840379 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-10 (current_events.rules)
2840380 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840381 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840382 - ETPRO TROJAN Win32/QQWare Variant Checkin (trojan.rules)
2840383 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2840384 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2840386 - ETPRO TROJAN Win32/Remcos RAT Checkin 302 (trojan.rules)
2840387 - ETPRO TROJAN Win32/Remcos RAT Checkin 303 (trojan.rules)
2840388 - ETPRO TROJAN Win32/Remcos RAT Checkin 304 (trojan.rules)
2840389 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2840390 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2840391 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-01-10 (trojan.rules)

[///]     Modified active rules:     [///]

2815847 - ETPRO TROJAN Win32/TrojanClicker.VB.OJQ Variant Checkin (trojan.rules)
2816654 - ETPRO TROJAN MSIL/Agent.AJN Variant Checkin (trojan.rules)
2825913 - ETPRO TROJAN W32/Ramnit.A Downloader Request (trojan.rules)
2838234 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-08-29 (current_events.rules)
2840356 - ETPRO TROJAN Clown Ransomware Telegram Checkin (trojan.rules)

Date: Thursday, January 9, 2020 - 22:00