[***] Summary: [***]
4 new Open, 21 new Pro (4 + 17). Win32/Qbot/Quakbot Downloader, Metamorfo,
Win32/Remcos RAT, and VARIOUS PHISHING
Thanks: Ryan Moon
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029549 - ET INFO Bit.do Shortened Link Request (set) (info.rules)
2029550 - ET INFO Bit.do Shortened Link Request to EXE (info.rules)
2029551 - ET TROJAN Win32/Qbot/Quakbot Downloader - Requesting Secondary Download (trojan.rules)
2029552 - ET TROJAN Baraka Ransomware CnC activity email SMTP (trojan.rules)
Pro:
2841257 - ETPRO TROJAN MalDoc Retrieving Malicious Payload (trojan.rules)
2841263 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-28 1) (trojan.rules)
2841264 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-28 (current_events.rules)
2841265 - ETPRO CURRENT_EVENTS Successful Square Phish 2020-02-28 (current_events.rules)
2841266 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-28 (current_events.rules)
2841267 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-28 (current_events.rules)
2841268 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-02-28 (current_events.rules)
2841269 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-02-28 (current_events.rules)
2841270 - ETPRO CURRENT_EVENTS Successful AlaskaUSA Phish 2020-02-28 (current_events.rules)
2841271 - ETPRO CURRENT_EVENTS Successful Bank of Ireland Phish 2020-02-28 (current_events.rules)
2841272 - ETPRO TROJAN Metamorfo CnC Activity (trojan.rules)
2841273 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-02-28 (current_events.rules)
2841274 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-02-28 (current_events.rules)
2841275 - ETPRO TROJAN Win32/TrojanDownloader.Agent.KW Variant (trojan.rules)
2841276 - ETPRO TROJAN Win32/Remcos RAT Checkin 354 (trojan.rules)
2841277 - ETPRO TROJAN Win32/Remcos RAT Checkin 355 (trojan.rules)
2841278 - ETPRO TROJAN Kimsuky Related Download Activity (trojan.rules)
[///] Modified active rules: [///]
2021632 - ET TROJAN Sharik/Smoke CnC Beacon 3 (trojan.rules)
2021949 - ET SCAN abdullkarem Wordpress PHP Scanner (scan.rules)
2022197 - ET TROJAN Ponmocup HTTP Request (generic) M1 (trojan.rules)
2022198 - ET TROJAN Ponmocup HTTP Request (generic) M2 (trojan.rules)
2022199 - ET TROJAN Ponmocup HTTP Request (generic) M3 (trojan.rules)
2022200 - ET TROJAN Ponmocup HTTP Request (generic) M4 (trojan.rules)
2022201 - ET TROJAN Ponmocup HTTP Request (generic) M5 (trojan.rules)
2022202 - ET TROJAN Ponmocup HTTP Request (generic) M6 (trojan.rules)
2022203 - ET TROJAN Ponmocup HTTP Request (generic) M7 (trojan.rules)
2022204 - ET TROJAN Ponmocup HTTP Request (generic) M8 (trojan.rules)
2022205 - ET TROJAN Ponmocup HTTP Request (generic) M9 (trojan.rules)
2022260 - ET WEB_SERVER Possible Darkleech C2 (web_server.rules)
2022679 - ET POLICY Possible Psiphon Proxy Tool traffic (policy.rules)
2023334 - ET TROJAN Enigma Locker Checkin (trojan.rules)
2023468 - ET EXPLOIT Unknown Router Remote DNS Change Attempt (exploit.rules)
2023479 - ET TROJAN Moose CnC Request M2 (trojan.rules)
2023553 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin (mobile_malware.rules)
2023875 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-06 (trojan.rules)
2024020 - ET CURRENT_EVENTS RIG EK URI Struct Feb 26 2017 (current_events.rules)
2024036 - ET TROJAN WS/JS Downloader Mar 07 2017 M2 (trojan.rules)
2024288 - ET TROJAN Jaff Ransomware Checkin (trojan.rules)
2825769 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 (current_events.rules)
2825792 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC SMS Exfil (mobile_malware.rules)
2825793 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Info Exfil (mobile_malware.rules)
2825794 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC CnC Beacon 3 (mobile_malware.rules)
2841023 - ETPRO TROJAN Request for Malicious Packed EXE (trojan.rules)
[---] Disabled and modified rules: [---]
2812963 - ETPRO TROJAN DarkStRat Beacon (trojan.rules)
2823601 - ETPRO CURRENT_EVENTS Phishing Landing via imcreator.com / imxprs.com Dec 02 2016 (current_events.rules)
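The three sections above (Added, Modified active, Disabled and modified) are what a rule-management workflow has to reconcile against local tuning before the next ruleset pull: a vendor change to a SID you carry a local modifysid for may make your edit obsolete, and a SID the vendor just disabled but you force-enable deserves a second look. The following is an added example, not code from Emerging Threats or this announcement. It parses the announcement format exactly as it appears here (SID, dash, rule name, trailing rules file, with entries the mailer wrapped onto a second line), checks the announced "N new Open, M new Pro (N + K)" counts against the entries actually received, and reports the SIDs worth a look given a set of local tuning SIDs. The sample input is a constructed excerpt of this announcement (the Added section is cut to three Pro entries and the Modified section to two, so the count check deliberately reports a shortfall, as it would for a truncated mail); the local modifysid/enablesid sets are made up for the illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the 2020-02-28 announcement above, with the
# Pro, Modified and Disabled lists shortened so the block stays small.
SAMPLE = """\
[***] Summary: [***]
4 new Open, 21 new Pro (4 + 17). Win32/Qbot/Quakbot Downloader, Metamorfo,
Win32/Remcos RAT, and VARIOUS PHISHING
Thanks: Ryan Moon
[+++] Added rules: [+++]
Open:
2029549 - ET INFO Bit.do Shortened Link Request (set) (info.rules)
2029550 - ET INFO Bit.do Shortened Link Request to EXE (info.rules)
2029551 - ET TROJAN Win32/Qbot/Quakbot Downloader - Requesting Secondary
Download (trojan.rules)
2029552 - ET TROJAN Baraka Ransomware CnC activity email SMTP
(trojan.rules)
Pro:
2841257 - ETPRO TROJAN MalDoc Retrieving Malicious Payload (trojan.rules)
2841264 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-28
(current_events.rules)
2841276 - ETPRO TROJAN Win32/Remcos RAT Checkin 354 (trojan.rules)
[///] Modified active rules: [///]
2022197 - ET TROJAN Ponmocup HTTP Request (generic) M1 (trojan.rules)
2023468 - ET EXPLOIT Unknown Router Remote DNS Change Attempt
(exploit.rules)
[---] Disabled and modified rules: [---]
2812963 - ETPRO TROJAN DarkStRat Beacon (trojan.rules)
2823601 - ETPRO CURRENT_EVENTS Phishing Landing via imcreator.com /
imxprs.com Dec 02 2016 (current_events.rules)
"""

# Section markers exactly as the announcement prints them.
SECTION_MARKERS = {
    "[+++] Added rules: [+++]": "added",
    "[///] Modified active rules: [///]": "modified",
    "[---] Disabled and modified rules: [---]": "disabled",
}
ENTRY_START = re.compile(r"^\d{7} - ")
# SID, dash, name (may itself contain parentheses and dashes), then the rules file.
ENTRY_RE = re.compile(r"^(\d{7}) - (.+) \((\w+\.rules)\)$")
# "4 new Open, 21 new Pro (4 + 17)": group 1 = Open count, group 4 = Pro-only count.
SUMMARY_RE = re.compile(r"^(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)")


@dataclass(frozen=True)
class RuleChange:
    sid: int
    name: str
    rules_file: str
    section: str  # "added", "modified" or "disabled"
    tier: str     # "open" (ET prefix) or "pro" (ETPRO prefix)


def unwrap(lines):
    """Re-join entries the mailer wrapped: a line following an entry that has not
    yet reached its '(file.rules)' terminator is a continuation of that entry."""
    out = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if out and ENTRY_START.match(out[-1]) and not out[-1].endswith(".rules)"):
            out[-1] += " " + line
        else:
            out.append(line)
    return out


def parse_update(text):
    """Return every SID entry in the announcement, tagged with its section."""
    section, changes = None, []
    for line in unwrap(text.splitlines()):
        if line in SECTION_MARKERS:
            section = SECTION_MARKERS[line]
            continue
        m = ENTRY_RE.match(line)
        if section is None or not m:
            continue  # summary text, "Open:"/"Pro:" labels, thanks line
        name = m.group(2)
        tier = "pro" if name.startswith("ETPRO ") else "open"
        changes.append(RuleChange(int(m.group(1)), name, m.group(3), section, tier))
    return changes


def announced_counts(text):
    """(open, pro) counts claimed by the summary line, or None if there is none."""
    for line in text.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            return int(m.group(1)), int(m.group(4))
    return None


def observed_counts(changes):
    """(open, pro) counts of Added entries actually present; compare with
    announced_counts() to catch a truncated or mangled mail."""
    added = [c for c in changes if c.section == "added"]
    return (sum(c.tier == "open" for c in added), sum(c.tier == "pro" for c in added))


def review_against_local_tuning(changes, local_modified, local_enabled):
    """SIDs to look at before the next ruleset pull: vendor-modified rules that
    carry a local modifysid, and vendor-disabled rules that are locally force-enabled."""
    vendor_modified = {c.sid for c in changes if c.section in ("modified", "disabled")}
    vendor_disabled = {c.sid for c in changes if c.section == "disabled"}
    return {
        "recheck_local_modifications": sorted(vendor_modified & set(local_modified)),
        "vendor_disabled_but_locally_enabled": sorted(vendor_disabled & set(local_enabled)),
    }
```

Note that entries in the "Disabled and modified" section count as modified as well as disabled, so a local modifysid on one of them is flagged too. Run the parser over the full announcement text and `observed_counts` should equal `announced_counts`, (4, 17); on the shortened sample above it returns (4, 3), which is exactly the discrepancy the check exists to surface.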