[***]            Summary:            [***]

24 new Open, 36 new Pro (21 + 15).  AZORult, Parallax, Kimsuky, Various SSL/TLS, Various Phish, Others.

Thanks 0xCARNAGE.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029450 - ET TROJAN Kimsuky Related CnC (trojan.rules)
2029451 - ET TROJAN Possible Kimsuky Related Exfil (trojan.rules)
2029452 - ET TROJAN Possible Kimsuky Related Download (trojan.rules)
2029453 - ET TROJAN Kimsuky Related CnC (trojan.rules)
2029454 - ET TROJAN Parallax RAT CnC Domain Observed in DNS Query (trojan.rules)
2029455 - ET TROJAN Parallax CnC Activity M7 (set) (trojan.rules)
2029456 - ET TROJAN Parallax CnC Response Activity M7 (trojan.rules)
2029457 - ET TROJAN Win32/AZORult V3.2 Client Checkin M10 (trojan.rules)
2029458 - ET TROJAN Win32/AZORult V3.2 Client Checkin M11 (trojan.rules)
2029459 - ET TROJAN Win32/AZORult V3.2 Client Checkin M12 (trojan.rules)
2029460 - ET TROJAN Win32/AZORult V3.3 Client Checkin M10 (trojan.rules)
2029461 - ET TROJAN Win32/AZORult V3.3 Client Checkin M11 (trojan.rules)
2029462 - ET TROJAN Win32/AZORult V3.3 Client Checkin M12 (trojan.rules)
2029463 - ET TROJAN Win32/AZORult V3.2 Client Checkin M13 (trojan.rules)
2029464 - ET TROJAN Win32/AZORult V3.2 Client Checkin M14 (trojan.rules)
2029465 - ET TROJAN Win32/AZORult V3.2 Client Checkin M15 (trojan.rules)
2029466 - ET TROJAN Win32/AZORult V3.3 Client Checkin M13 (trojan.rules)
2029467 - ET TROJAN Win32/AZORult V3.3 Client Checkin M14 (trojan.rules)
2029468 - ET TROJAN Win32/AZORult V3.3 Client Checkin M15 (trojan.rules)
2029469 - ET TROJAN Observed Malicious SSL Cert (AgentTesla CnC) (trojan.rules)
2029470 - ET MALWARE Win32/YTDDownloader.F Activity (malware.rules)

Pro:

2839487 - ETPRO INFO Observed Office Doc Download From .msi Request (info.rules)
2841046 - ETPRO TROJAN Observed Malicious User-Agent (trojan.rules)
2841047 - ETPRO TROJAN Observed Malicious SSL Cert (Get2) (trojan.rules)
2841048 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-14 1) (trojan.rules)
2841049 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-14 2) (trojan.rules)
2841050 - ETPRO TROJAN MSIL/Pterodo.K Variant Host Checkin (trojan.rules)
2841051 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2020-02-14 (current_events.rules)
2841052 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-02-14 (current_events.rules)
2841053 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2020-02-14 (current_events.rules)
2841054 - ETPRO TROJAN Win32/IcedID CnC Activity (trojan.rules)
2841055 - ETPRO TROJAN Cryptbot AHK Downloader (trojan.rules)
2841056 - ETPRO TROJAN Win32/Remcos RAT Checkin 343 (trojan.rules)
2841057 - ETPRO TROJAN Win32/Remcos RAT Checkin 344 (trojan.rules)
2841058 - ETPRO TROJAN Win32/Remcos RAT Checkin 345 (trojan.rules)
2841059 - ETPRO TROJAN Win32/Remcos RAT Checkin 346 (trojan.rules)

[///]     Modified active rules:     [///]

2023764 - ET TROJAN X2000M.Agent Checkin Jan 24 2017 (trojan.rules)
2028616 - ET CURRENT_EVENTS Facebook Phishing Domain in DNS Lookup (current_events.rules)
2029200 - ET TROJAN Observed Malicious SSL Cert (jssLoader CnC) (trojan.rules)
2029245 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2029380 - ET TROJAN Win32/Emotet CnC Activity (POST) M8 (trojan.rules)
2029394 - ET TROJAN Malicious SSL Certificate detected (Patchwork CnC) (trojan.rules)
2029400 - ET TROJAN Observed Malicious SSL Cert (TinyNuke Variant CnC) 2020-02-09 (trojan.rules)
2816614 - ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon (trojan.rules)
2820288 - ETPRO TROJAN Bolek/Kbot CnC Checkin (trojan.rules)
2820973 - ETPRO EXPLOIT Possible Wget Arbitrary File Write Exploit Attempt (CVE-2016-4971) (exploit.rules)
2821167 - ETPRO TROJAN W32/Unknown Dropper Downloading Cobalt Strike Beacon (trojan.rules)
2821343 - ETPRO TROJAN Win32.Swizzor Checkin (trojan.rules)
2821344 - ETPRO TROJAN Cerber Ransomware Macro EXE Download (trojan.rules)
2821827 - ETPRO WEB_SPECIFIC_APPS Navis WebAccess SQLi Attempt (web_specific_apps.rules)
2821839 - ETPRO TROJAN Panda Banker CnC (trojan.rules)
2822055 - ETPRO TROJAN Likely APT29 Retrieving Payload Embedded In PNG 2 (trojan.rules)
2822080 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phishing Sept 12 2016 (current_events.rules)
2822181 - ETPRO TROJAN Bolek HTTP Checkin (trojan.rules)
2822235 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phishing M1 Sept 26 2016 (current_events.rules)
2822236 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phishing M2 Sept 26 2016 (current_events.rules)
2822240 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Sep 26 2016 (current_events.rules)
2822241 - ETPRO TROJAN Sharik/Smoke Loader Connectivity Check M3 (trojan.rules)
2822242 - ETPRO TROJAN MSIL.ShopBot.avf Downloader Checkin (trojan.rules)
2822246 - ETPRO TROJAN MSIL.ShopBot.avf Downloader Execute Command Request (trojan.rules)
2822250 - ETPRO MALWARE Win32/ZonaInstaller PUP Install Beacon (malware.rules)
2822482 - ETPRO CURRENT_EVENTS SunDown/Xer Payload (URL Primer) (current_events.rules)
2822483 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Oct 07 2016 (current_events.rules)
2823197 - ETPRO TROJAN Possible APT29 Compressed Payload Download Request (trojan.rules)
2823671 - ETPRO TROJAN LatentBot HTTP POST Checkin 2 (trojan.rules)
2823965 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish Dec 19 2016 (current_events.rules)
2824209 - ETPRO TROJAN MSIL/Downloader.Agent.CUL Checkin (trojan.rules)
2824764 - ETPRO CURRENT_EVENTS RedKit EK Landing Feb 02 2017 M1 (current_events.rules)
2824765 - ETPRO CURRENT_EVENTS RedKit EK Landing Feb 02 2017 M2 (current_events.rules)
2824777 - ETPRO CURRENT_EVENTS EITest SocEng Chrome Fonts DL Feb 06 M1 (current_events.rules)
2824807 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 07 2017 (current_events.rules)
2824916 - ETPRO MOBILE_MALWARE PUA Android/Odpa.A Checkin (mobile_malware.rules)
2824975 - ETPRO TROJAN JS/Nemucod Retrieving Payload (trojan.rules)
2825236 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Mar 03 2017 (current_events.rules)
2825585 - ETPRO TROJAN Misdat/Poldat Variant CnC Beacon (trojan.rules)
2825659 - ETPRO TROJAN Crypteando KeyLogger CnC Checkin (trojan.rules)
2826028 - ETPRO TROJAN Malicious SSL Certificate Observed (Win32/Kryptik.FRIW Banker Injects) (trojan.rules)
2827624 - ETPRO TROJAN Possible APT.9002 Fileless Variant CnC Beacon 1 (trojan.rules)
2828540 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Nov 6 2017 (current_events.rules)
2828955 - ETPRO TROJAN W32/Nymaim Checkin 8 (trojan.rules)
2829235 - ETPRO CURRENT_EVENTS Successful Secure Cloud Files Phish 2018-01-10 M2 (current_events.rules)
2829339 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin 2 (mobile_malware.rules)
2829396 - ETPRO MOBILE_MALWARE Android/Agent.AKX / Trojan-Spy.AndroidOS.Agent.oe Checkin 3 (mobile_malware.rules)
2829434 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.O CnC Beacon (mobile_malware.rules)
2829563 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2018-02-06 (DE) (current_events.rules)
2829757 - ETPRO MOBILE_MALWARE Android/Agent.ATW Checkin (mobile_malware.rules)
2830046 - ETPRO MOBILE_MALWARE Android/LockScreen.Jisut.AP Checkin (mobile_malware.rules)
2830049 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.V Checkin 4 (mobile_malware.rules)
2830111 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ALE / ArmedRocket Checkin (mobile_malware.rules)
2830123 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Mwiam.e Checkin (mobile_malware.rules)
2830125 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bh Checkin 3 (mobile_malware.rules)
2830309 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 16 (mobile_malware.rules)
2830813 - ETPRO CURRENT_EVENTS Evil Redirector Leading to TechSupport Scam (current_events.rules)
2830914 - ETPRO CURRENT_EVENTS Malicious Redirect Leading to SocEng May 18 2018 (current_events.rules)
2830924 - ETPRO WEB_CLIENT Tech Support Phone Scam - Redirection to Landing Inbound (web_client.rules)
2841023 - ETPRO TROJAN Request for Malicious Packed EXE (trojan.rules)

[---]  Disabled and modified rules:  [---]

2805813 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.GingerMaster.a Checkin 4 (mobile_malware.rules)
2822002 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Sep 6 2016 T1 (current_events.rules)
2822142 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Sep 16 2016 (current_events.rules)
2822451 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Oct 02 2016 (current_events.rules)
2822452 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Oct 06 2016 (current_events.rules)
2823059 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS Nov 01 2016 (current_events.rules)
2823173 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS Nov 01 2016 (current_events.rules)
2823247 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS Nov 14 2016 (current_events.rules)
2824806 - ETPRO TROJAN Unknown Backdoor SSL Cert (legitimate compromised site) (trojan.rules)
2825526 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS Mar 17 2017 (current_events.rules)
2826393 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS May 15 2017 (current_events.rules)
2827154 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS July 16 2017 (current_events.rules)

[---]         Disabled rules:        [---]

2821333 - ETPRO TROJAN W32/Pislik Checkin (trojan.rules)
2823603 - ETPRO TROJAN MSIL.Unknown Checkin (trojan.rules)

[---]         Removed rules:         [---]

2824463 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Unknown) (trojan.rules)
