Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/07/28

[***]            Summary:            [***]

6 new OPEN, 28 new PRO (6 + 22). JS/Ostap, Zynn, ELF/Mirai Variant, Omega CnC, MassLogger, VARIOUS PHISHING.

Thanks: @malwrhunterteam.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030601 - ET TROJAN JS/Ostap CnC Activity (trojan.rules)
  2030602 - ET TROJAN Observed Malicious SSL Cert (JS/Ostap CnC)
(trojan.rules)
  2030603 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M1 (current_events.rules)
  2030604 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M2 (current_events.rules)
  2030605 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M3 (current_events.rules)
  2030606 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M4 (current_events.rules)

Pro:

  2843705 - ETPRO POLICY Zynn DNS Lookup (policy.rules)
  2843706 - ETPRO POLICY Zynn DNS Lookup 2 (policy.rules)
  2843707 - ETPRO POLICY Totok DNS Lookup (policy.rules)
  2843708 - ETPRO POLICY Tiktok DNS Lookup (policy.rules)
  2843709 - ETPRO POLICY Byteoversea TikTok related DNS Lookup
(policy.rules)
  2843710 - ETPRO POLICY Tiktok DNS Lookup 2 (policy.rules)
  2843711 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload 2020-07-27
(current_events.rules)
  2843712 - ETPRO TROJAN Observed Elysium/Taurus Stealer CnC Domain in TLS
SNI (trojan.rules)
  2843713 - ETPRO TROJAN ELF/Mirai Variant CnC Checkin (trojan.rules)
  2843714 - ETPRO CURRENT_EVENTS Successful Westpac Phish 2020-07-28
(current_events.rules)
  2843715 - ETPRO CURRENT_EVENTS Successful Westpac Phish 2020-07-28
(current_events.rules)
  2843716 - ETPRO CURRENT_EVENTS Successful Westpac Phish 2020-07-28
(current_events.rules)
  2843717 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
(current_events.rules)
  2843718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-28 1) (trojan.rules)
  2843719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-28 2) (trojan.rules)
  2843720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-28 3) (trojan.rules)
  2843721 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-28 4) (trojan.rules)
  2843722 - ETPRO TROJAN Omega CnC Activity (trojan.rules)
  2843723 - ETPRO TROJAN MassLogger Client Exfil FTP (trojan.rules)
  2843724 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2843725 - ETPRO CURRENT_EVENTS Successful Netflix Credential Phish
2020-07-28 (current_events.rules)
  2843726 - ETPRO CURRENT_EVENTS Successful Hetzner Credential Phish
2020-07-28 (current_events.rules)

[///]     Modified active rules:     [///]

  2030599 - ET TROJAN IP Grabber CnC Activity (trojan.rules)
  2525000 - ET 3CORESec Poor Reputation IP group 1 (3coresec.rules)
  2525001 - ET 3CORESec Poor Reputation IP group 2 (3coresec.rules)
  2525002 - ET 3CORESec Poor Reputation IP group 3 (3coresec.rules)
  2525003 - ET 3CORESec Poor Reputation IP group 4 (3coresec.rules)
  2525004 - ET 3CORESec Poor Reputation IP group 5 (3coresec.rules)
  2525005 - ET 3CORESec Poor Reputation IP group 6 (3coresec.rules)
  2525006 - ET 3CORESec Poor Reputation IP group 7 (3coresec.rules)
  2525007 - ET 3CORESec Poor Reputation IP group 8 (3coresec.rules)
  2525008 - ET 3CORESec Poor Reputation IP group 9 (3coresec.rules)
  2525009 - ET 3CORESec Poor Reputation IP group 10 (3coresec.rules)
  2525010 - ET 3CORESec Poor Reputation IP group 11 (3coresec.rules)
  2525011 - ET 3CORESec Poor Reputation IP group 12 (3coresec.rules)
  2525012 - ET 3CORESec Poor Reputation IP group 13 (3coresec.rules)
  2525013 - ET 3CORESec Poor Reputation IP group 14 (3coresec.rules)
  2525014 - ET 3CORESec Poor Reputation IP group 15 (3coresec.rules)
  2525015 - ET 3CORESec Poor Reputation IP group 16 (3coresec.rules)
  2525016 - ET 3CORESec Poor Reputation IP group 17 (3coresec.rules)
  2822245 - ETPRO TROJAN MSIL.ShopBot.avf Downloader URI Geo Response
(trojan.rules)
  2822247 - ETPRO TROJAN MSIL.ShopBot.avf Downloader Execute Command
Response (trojan.rules)
  2822254 - ETPRO CURRENT_EVENTS Successful Apple Phish Sept 27 2016
(current_events.rules)
  2822259 - ETPRO TROJAN Dreambot/Gozi DGA Seed Request (trojan.rules)
  2836763 - ETPRO CURRENT_EVENTS Successful Generic Login Verification
Phish 2019-06-10 (current_events.rules)
  2837474 - ETPRO POLICY Suspicious Localhost SSL/TLS Certificate Observed
(policy.rules)

Date:
Summary title:
6 new OPEN, 28 new PRO (6 + 22). JS/Ostap, Zynn, ELF/Mirai Variant, Omega CnC, MassLogger, VARIOUS PHISHING.