[***]            Summary:            [***]

3 new OPEN, 20 new PRO (3 + 17).  Remcos, CobaltStrike, Various Phish, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031523 - ET INFO Suspicious HTTP POST Only Containing Password - Possible Phishing (info.rules)
  2031524 - ET INFO Suspicious HTTP POST Only Containing Pass - Possible Phishing (info.rules)
  2031525 - ET MOBILE_MALWARE ITW Android Post-Exploit Downloader CnC Activity (mobile_malware.rules)

Pro:

  2846505 - ETPRO TROJAN Win32/Neshuta Backdoor CnC Checkin (trojan.rules)
  2846506 - ETPRO TROJAN Unk.Kettu Stealer CnC Checkin (trojan.rules)
  2846507 - ETPRO TROJAN Unk.Kettu Stealer Screenshot Exfil (trojan.rules)
  2846508 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2021-01-14 (current_events.rules)
  2846509 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2021-01-14 (current_events.rules)
  2846510 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish 2021-01-14 (current_events.rules)
  2846511 - ETPRO CURRENT_EVENTS Successful IRS Phish 2021-01-14 (current_events.rules)
  2846512 - ETPRO CURRENT_EVENTS Successful Microsoft Live Phish 2021-01-14 (current_events.rules)
  2846513 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2021-01-14 (current_events.rules)
  2846514 - ETPRO MALWARE Win32/FlyStudio.HackTool.A Variant CnC Activity (malware.rules)
  2846517 - ETPRO TROJAN Win32/Remcos RAT Checkin 646 (trojan.rules)
  2846518 - ETPRO TROJAN Win32/Remcos RAT Checkin 647 (trojan.rules)
  2846519 - ETPRO TROJAN Win32/Remcos RAT Checkin 648 (trojan.rules)
  2846520 - ETPRO TROJAN Win32/Remcos RAT Checkin 649 (trojan.rules)
  2846521 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC) (trojan.rules)

[///]     Modified active rules:     [///]

  2027931 - ET MOBILE_MALWARE Apple iPhone Implant - Boundary Observed (mobile_malware.rules)
  2027932 - ET MOBILE_MALWARE Apple iPhone Implant - Upload Files (mobile_malware.rules)
  2027933 - ET MOBILE_MALWARE Apple iPhone Implant - Command Executed (mobile_malware.rules)
