Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/01/11

[***]            Summary:            [***]

1 new OPEN, 34 new PRO (1 + 33).  AsyncRAT, DonotGroup, Various Phish, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031508 - ET WEB_CLIENT Generic Attempted Executable Drop via
VBScript (web_client.rules)

Pro:

  2846429 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846430 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846431 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846432 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846433 - ETPRO TROJAN Observed Possible Malicious SSL Cert
(AsyncRAT) (trojan.rules)
  2846434 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846435 - ETPRO TROJAN Unk.Pascal Steal Activity (trojan.rules)
  2846436 - ETPRO TROJAN Matiex Keylogger CnC Exfil via Telegram (trojan.rules)
  2846437 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-01-09 1) (trojan.rules)
  2846438 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-01-09 2) (trojan.rules)
  2846439 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-01-09 3) (trojan.rules)
  2846440 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2021-01-11 (current_events.rules)
  2846441 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2021-01-11 (current_events.rules)
  2846442 - ETPRO CURRENT_EVENTS Successful Capital One Phish
2021-01-11 (current_events.rules)
  2846443 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish
2021-01-11 (current_events.rules)
  2846444 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2021-01-11 (current_events.rules)
  2846445 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-11
(current_events.rules)
  2846446 - ETPRO CURRENT_EVENTS Successful Amazon Refund Phish
2021-01-11 (current_events.rules)
  2846447 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2021-01-11
(current_events.rules)
  2846448 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-11
(current_events.rules)
  2846449 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-01-11
(current_events.rules)
  2846450 - ETPRO CURRENT_EVENTS Successful Suncorp Internet Banking
Phish 2021-01-11 (current_events.rules)
  2846451 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-01-11 (current_events.rules)
  2846452 - ETPRO CURRENT_EVENTS Successful Generic Shared File Phish
2021-01-11 (current_events.rules)
  2846453 - ETPRO CURRENT_EVENTS Successful Intuit Phish 2021-01-11
(current_events.rules)
  2846454 - ETPRO CURRENT_EVENTS Possible Successful Instagram Phish
2021-01-11 (current_events.rules)
  2846455 - ETPRO TROJAN Win32/Spy.Bancos.NLB Variant CnC Activity
(trojan.rules)
  2846456 - ETPRO TROJAN Win32/Vnfraye.A CnC Activity (trojan.rules)
  2846457 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2846458 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2846459 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2846460 - ETPRO POLICY CharCode Obfuscated PowerShell Inbound M1
(policy.rules)
  2846461 - ETPRO POLICY CharCode Obfuscated PowerShell Inbound M2
(policy.rules)

Date:
Summary title:
1 new OPEN, 34 new PRO (1 + 33). AsyncRAT, DonotGroup, Various Phish, Others.