[***] Summary: [***]
12 new OPEN, 35 new PRO (12 + 23). PlugX, ServHelper, Remcos, Various Phish, Others.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031509 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Hawkshaw.a (bald-panel .firebaseio .com in DNS Lookup) (mobile_malware.rules)
2031510 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Hawkshaw.a (hawkshaw-cae48 .firebaseio .com in DNS Lookup) (mobile_malware.rules)
2031511 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Hawkshaw.a (spitfirepanel .firebaseio .com in DNS Lookup) (mobile_malware.rules)
2031512 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Hawkshaw.a (phoenix-panel .firebaseio .com in DNS Lookup) (mobile_malware.rules)
2031513 - ET WEB_SERVER Generic Mailer Accessed on Internal Compromised Server (web_server.rules)
2031514 - ET WEB_CLIENT Generic Mailer Accessed on External Compromised Server (web_client.rules)
2031515 - ET TROJAN Known Sinkhole Response Kryptos Logic (trojan.rules)
2031516 - ET CURRENT_EVENTS Observed KnowB4/Popcorn Training Simulated Phish Landing Page M1 (current_events.rules)
2031517 - ET CURRENT_EVENTS Observed KnowB4/Popcorn Training Simulated Phish Landing Page M2 (current_events.rules)
2031518 - ET CURRENT_EVENTS Observed KnowB4/Popcorn Training Simulated Phish Landing Page M3 (current_events.rules)
2031519 - ET CURRENT_EVENTS Observed KnowB4/Popcorn Training Simulated Phish Landing Page M4 (current_events.rules)
2031520 - ET TROJAN PlugX DNS Lookup (trojan.rules)
Pro:
2846462 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.ge Checkin (mobile_malware.rules)
2846463 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.ge Checkin 2 (mobile_malware.rules)
2846464 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.GinMaster Checkin (mobile_malware.rules)
2846465 - ETPRO MOBILE_MALWARE Android/Spy.Banker.ARV Reporting Location (mobile_malware.rules)
2846466 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846467 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-11 1) (trojan.rules)
2846468 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-11 2) (trojan.rules)
2846469 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-11 3) (trojan.rules)
2846470 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-11 4) (trojan.rules)
2846471 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-11 5) (trojan.rules)
2846472 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2021-01-12 (current_events.rules)
2846473 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2021-01-12 (current_events.rules)
2846474 - ETPRO CURRENT_EVENTS Successful ING Phish 2021-01-12 (current_events.rules)
2846475 - ETPRO TROJAN Win32/Agent.XUT Variant CnC Activity (trojan.rules)
2846476 - ETPRO TROJAN Malicious SSL Certificate detected (PlugX CnC) (trojan.rules)
2846477 - ETPRO TROJAN Malicious SSL Certificate detected (ServHelper CnC) (trojan.rules)
2846478 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846479 - ETPRO TROJAN Win32/Remcos RAT Checkin 641 (trojan.rules)
2846480 - ETPRO TROJAN Win32/Remcos RAT Checkin 642 (trojan.rules)
2846481 - ETPRO TROJAN Win32/Remcos RAT Checkin 643 (trojan.rules)
2846482 - ETPRO TROJAN Win32/Remcos RAT Checkin 644 (trojan.rules)
2846483 - ETPRO TROJAN Win32/Remcos RAT Checkin 645 (trojan.rules)
2846484 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
[---] Removed rules: [---]
2837524 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Agent.bv Checkin (mobile_malware.rules)