[***]            Summary:            [***]

1 new OPEN, 20 new PRO (1 + 19).  ELF/Gafygt, AsyncRAT, Remcos, Various Phish, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031526 - ET EXPLOIT Possible NTFS Index Attribute Corruption Vulnerability (exploit.rules)

Pro:

  2846522 - ETPRO POLICY External IP Address Lookup via hostip .info (policy.rules)
  2846523 - ETPRO MALWARE Win32/RegCleaner Pro Style External IP Address Lookup (malware.rules)
  2846524 - ETPRO MALWARE Win32/RegCleaner Pro Checkin via FTP (malware.rules)
  2846525 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846526 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin (trojan.rules)
  2846527 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin (trojan.rules)
  2846528 - ETPRO TROJAN Win32/Marijuana Ransomware CnC Checkin (trojan.rules)
  2846529 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-15 1) (trojan.rules)
  2846530 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-15 2) (trojan.rules)
  2846531 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-15 3) (trojan.rules)
  2846532 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-15 4) (trojan.rules)
  2846533 - ETPRO WEB_CLIENT SocEng/Gholish JS Web Inject Inbound (web_client.rules)
  2846534 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-01-15 (current_events.rules)
  2846535 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2021-01-15 (current_events.rules)
  2846536 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2021-01-15 (current_events.rules)
  2846537 - ETPRO CURRENT_EVENTS Successful SMBC JP Phish 2021-01-15 (current_events.rules)
  2846538 - ETPRO CURRENT_EVENTS Successful Square Phish 2021-01-15 (current_events.rules)
  2846539 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
  2846540 - ETPRO TROJAN Win32/Remcos RAT Checkin 650 (trojan.rules)

[///]     Modified active rules:     [///]

  2017259 - ET TROJAN Generic - POST To .php w/Extended ASCII Characters (trojan.rules)
  2031525 - ET MOBILE_MALWARE ITW Android Post-Exploit Downloader CnC Activity (mobile_malware.rules)
