[***]            Summary:            [***]

8 Open, 18 Pro (8 + 10). Cobalt Strike, DiplomatLoader, ZEROCRAT, Kimsuky, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030349 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike Malleable C2 Domain) (trojan.rules)
  2030350 - ET TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-06-18) (trojan.rules)
  2030351 - ET TROJAN SSL/TLS Certificate Observed (DiplomatLoader) (trojan.rules)
  2030352 - ET TROJAN Possible DNS Tunneling Observed (trojan.rules)
  2030353 - ET MALWARE Win32/Adware.VrBrothers.AI Variant CnC Activity (malware.rules)
  2030354 - ET MALWARE MediaDrug CnC Activity (malware.rules)
  2030355 - ET MALWARE SUPERAntiSpyware Install Checkin (malware.rules)
  2030356 - ET TROJAN Operation Interception Beacon (trojan.rules)

Pro:

  2843097 - ETPRO TROJAN Observed DNS Query to DADSTACHE/Leviathan CnC Domain (trojan.rules)
  2843098 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-06-18 (current_events.rules)
  2843099 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-18 1) (trojan.rules)
  2843100 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-18 2) (trojan.rules)
  2843101 - ETPRO TROJAN Kimsuky Related Host Data Exfil M3 (trojan.rules)
  2843102 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-06-18 (current_events.rules)
  2843103 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-18 (current_events.rules)
  2843104 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-18 (current_events.rules)
  2843105 - ETPRO TROJAN Win32/Remcos RAT Checkin 465 (trojan.rules)
  2843106 - ETPRO TROJAN ZEROCRAT Client Info Post M2 (trojan.rules)

[///]     Modified active rules:     [///]

  2022467 - ET TROJAN Bedep Connectivity Check M2 (trojan.rules)
  2022470 - ET TROJAN CenterPOS Delete Plugins (trojan.rules)
  2022471 - ET TROJAN CenterPOS Load Plugins (trojan.rules)
  2807783 - ETPRO TROJAN Win32/TrojanProxy.Agent.NJK CnC Checkin Response (trojan.rules)
  2812408 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon Response 1 (trojan.rules)
  2815943 - ETPRO TROJAN Win32/Toga!rfn Checkin (trojan.rules)
  2815995 - ETPRO TROJAN Unknown/PyInstaller CnC Checkin M2 (trojan.rules)
  2815997 - ETPRO TROJAN Unknown.PWS CnC Checkin (trojan.rules)
  2816009 - ETPRO TROJAN Password Stealer MSIL/Spy.Agent.AIF Checkin (trojan.rules)
  2816011 - ETPRO TROJAN Win32/Banatrix Variant Checkin (trojan.rules)
  2816013 - ETPRO CURRENT_EVENTS Navy Federal Credit Union Phishing Landing 2016-01-30 (current_events.rules)
  2816016 - ETPRO TROJAN Yuckyll CnC Beacon 1 M2 (trojan.rules)
  2836270 - ETPRO TROJAN QuasarRAT C2 Init (trojan.rules)
  2841429 - ETPRO TROJAN MSIL/Spy.Small.EU Variant Host Checkin (trojan.rules)
  2842984 - ETPRO TROJAN Unk.Loader Retrieving Payload 2020-06-11 (trojan.rules)
  2843029 - ETPRO TROJAN KarenLogger CnC Host Checkin (trojan.rules)
