[***]            Summary:            [***]

2 new OPEN, 22 new PRO (2 + 20).  MSIL/Redcap.smofa, AsyncRAT, Various Phish, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031521 - ET TROJAN Observed Malicious SSL Cert (MassLogger) (trojan.rules)
  2031522 - ET TROJAN Win32/Qihoo360.J Variant Install Report (trojan.rules)

Pro:

  2846485 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846486 - ETPRO POLICY Microsoft Remote Assistance Invitation File in POST M1 (policy.rules)
  2846487 - ETPRO POLICY Microsoft Remote Assistance Invitation File in POST M2 (policy.rules)
  2846488 - ETPRO TROJAN Ophir.MSRA Remote Desktop Init CnC Activity (trojan.rules)
  2846489 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-13 1) (trojan.rules)
  2846490 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-13 2) (trojan.rules)
  2846491 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-13 3) (trojan.rules)
  2846492 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-13 4) (trojan.rules)
  2846493 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-13 5) (trojan.rules)
  2846494 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-13 6) (trojan.rules)
  2846495 - ETPRO CURRENT_EVENTS Successful Microsoft Email Encryption Phish 2021-01-13 (current_events.rules)
  2846496 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2021-01-13 (current_events.rules)
  2846497 - ETPRO TROJAN MSIL/Spy.Agent.AES Variant CnC Activity (trojan.rules)
  2846498 - ETPRO TROJAN MSIL/Redcap.smofa Variant CnC Activity (trojan.rules)
  2846499 - ETPRO TROJAN MSIL/Redcap.smofa Variant CnC Host Checkin (trojan.rules)
  2846500 - ETPRO CURRENT_EVENTS Successful Edevlet Phish 2021-01-13 (current_events.rules)
  2846501 - ETPRO CURRENT_EVENTS Successful My JCB Phish 2021-01-13 (current_events.rules)
  2846502 - ETPRO CURRENT_EVENTS Possible Successful GoPhish Hosted on Azure Cloud (current_events.rules)
  2846503 - ETPRO TROJAN W32/QQPass.ELG!tr.pws Checkin (trojan.rules)
  2846504 - ETPRO TROJAN W32/QQPass.ELG!tr.pws Successful Checkin (trojan.rules)

[///]     Modified active rules:     [///]

  2025241 - ET TROJAN Banload CnC Activity (trojan.rules)
  2025652 - ET TROJAN [eSentire] Win32/Spy.Banker.ADIO CnC Checkin (trojan.rules)
  2027697 - ET TROJAN VBA/TrojanDownloader.Agent.PAC Retreiving Malicious VBScript (trojan.rules)
  2029707 - ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M1 (info.rules)
  2825912 - ETPRO MALWARE Win32/TrojanClicker.Delf.NQR Retrieving URL List (malware.rules)
  2828198 - ETPRO TROJAN Win32/Spy.Delf.QNO Banker Checkin (trojan.rules)
  2830628 - ETPRO TROJAN Win32/Agent.ZPN Checkin M2 2018-05-01 (trojan.rules)
  2830757 - ETPRO TROJAN Win32/TrojanDownloader.Delf.CKE Communicating with CnC (trojan.rules)
  2830810 - ETPRO TROJAN Win32/Kryptik.GAHY CnC Checkin (trojan.rules)
  2832707 - ETPRO CURRENT_EVENTS Adfraud/BlackSEO Redirector (aff 027ed88f05536b6c1a41df968c0abb52) (current_events.rules)
  2833039 - ETPRO CURRENT_EVENTS JS Inbound Obfuscated Malvertising Redirector (current_events.rules)
  2833096 - ETPRO TROJAN Win32/TVRAT Variant Checkin (trojan.rules)
  2834719 - ETPRO TROJAN SSL/TLS Certificate Observed (Fallout EK Related) (trojan.rules)
  2837228 - ETPRO EXPLOIT JSP WebShell - Possible Upload M1 (exploit.rules)
  2837229 - ETPRO EXPLOIT JSP WebShell - Possible Upload M2 (exploit.rules)
  2837230 - ETPRO TROJAN Possible JSP WebShell Access M1 (trojan.rules)
  2837231 - ETPRO TROJAN Possible JSP WebShell Access M2 (trojan.rules)
  2837232 - ETPRO TROJAN Possible JSP WebShell Access M3 (trojan.rules)

[///]    Modified inactive rules:    [///]

  2828343 - ETPRO CURRENT_EVENTS MalDoc Checkin Oct 2017 (current_events.rules)
