[***]            Summary:            [***]

13 new OPEN, 38 new PRO (13 + 25). CollectorStealer, VikroStealer, Various ELF/Mirai, Bodegun CnC, Various Remcos, VARIOUS PHISHING.

Thanks: @3xp0rtblog

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030368 - ET TROJAN CollectorStealer CnC Exfil (trojan.rules)
  2030369 - ET TROJAN VikroStealer CnC Exfil (trojan.rules)
  2030370 - ET TROJAN VikroStealer Retrieving Config (trojan.rules)
  2030371 - ET TROJAN Observed VikroStealer CnC Domain in TLS SNI (trojan.rules)
  2030372 - ET CURRENT_EVENTS Chalbhai Phishing Landing 2020-06-22 (current_events.rules)
  2030373 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
  2030374 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
  2030375 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
  2030376 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
  2030377 - ET TROJAN Operation Interception Payload CnC Checkin (trojan.rules)
  2030378 - ET TROJAN DonotGroup Staging Domain in DNS Query (trojan.rules)
  2030379 - ET MOBILE_MALWARE NSO Group Domain in DNS Lookup (urlpush .net) (mobile_malware.rules)
  2030380 - ET MOBILE_MALWARE NSO Group Domain in DNS Lookup (free247downloads .com) (mobile_malware.rules)

Pro:

  2843121 - ETPRO TROJAN Observed Babulya/CollectorStealer User-Agent (trojan.rules)
  2843122 - ETPRO CURRENT_EVENTS Successful Mimecast Phish 2020-06-22 (current_events.rules)
  2843123 - ETPRO CURRENT_EVENTS Successful Facebook/Whatsapp Phish 2020-06-22 (current_events.rules)
  2843124 - ETPRO CURRENT_EVENTS Successful MyEE Phish 2020-06-22 (current_events.rules)
  2843125 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-22 (current_events.rules)
  2843126 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-22 (current_events.rules)
  2843127 - ETPRO CURRENT_EVENTS Successful Elevations Credit Union Phish 2020-06-22 (current_events.rules)
  2843128 - ETPRO CURRENT_EVENTS Successful youSee Phish 2020-06-22 (current_events.rules)
  2843129 - ETPRO CURRENT_EVENTS Successful Ebay DE Phish 2020-06-22 (current_events.rules)
  2843130 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-22 (current_events.rules)
  2843131 - ETPRO CURRENT_EVENTS Successful Orange Phish 2020-06-22 (current_events.rules)
  2843132 - ETPRO CURRENT_EVENTS Successful Orange Phish 2020-06-22 (current_events.rules)
  2843133 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-06-22 (current_events.rules)
  2843134 - ETPRO CURRENT_EVENTS Successful Midwest Bank Phish 2020-06-22 (current_events.rules)
  2843135 - ETPRO CURRENT_EVENTS Successful Pawtucket Credit Union Phish 2020-06-22 (current_events.rules)
  2843136 - ETPRO TROJAN Bodegun CnC Host Initial Checkin (trojan.rules)
  2843137 - ETPRO TROJAN Bodegun CnC Host Initial Checkin Response (trojan.rules)
  2843138 - ETPRO TROJAN Bodegun CnC Host Checkin (trojan.rules)
  2843139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-20 1) (trojan.rules)
  2843140 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-20 2) (trojan.rules)
  2843141 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-06-22 (current_events.rules)
  2843142 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-06-22 (current_events.rules)
  2843143 - ETPRO TROJAN Win32/Remcos RAT Checkin 466 (trojan.rules)
  2843144 - ETPRO TROJAN Win32/Remcos RAT Checkin 467 (trojan.rules)
  2843145 - ETPRO TROJAN Win32/Remcos RAT Checkin 468 (trojan.rules)

[///]     Modified active rules:     [///]

  2842589 - ETPRO TROJAN Observed Win32/Babulya User-Agent (trojan.rules)
