Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/09/24

[***]            Summary:            [***]

2 new OPEN, 24 new PRO (2 + 22). Exorcist 2.0, PS/SunCrypt, Android/XinaBat, VARIOUS PHISH, Cobalt Strike, Glupteba, IcedID, Remcos.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030906 - ET TROJAN Exorcist 2.0 Ransomware CnC Activity (trojan.rules)
  2030907 - ET TROJAN PS/SunCrypt Ransomware CnC Activity (trojan.rules)

Pro:

  2844615 - ETPRO MOBILE_MALWARE Android/Agent.DBR CnC Beacon
(mobile_malware.rules)
  2844616 - ETPRO MOBILE_MALWARE Android/XinaBat Checkin
(mobile_malware.rules)
  2844617 - ETPRO MOBILE_MALWARE Trojan.Android.GinMaster.cudpcj Checkin
(mobile_malware.rules)
  2844618 - ETPRO TROJAN Cobalt Strike Malleable C2 (Unknown/Custom
Profile) (trojan.rules)
  2844619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-24 1) (trojan.rules)
  2844620 - ETPRO CURRENT_EVENTS Successful Gov UK Refund Phish 2020-09-24
(current_events.rules)
  2844621 - ETPRO CURRENT_EVENTS Successful Banco BCI Phish 2020-09-24
(current_events.rules)
  2844622 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2020-09-24 (current_events.rules)
  2844623 - ETPRO CURRENT_EVENTS Successful EDevlet Phish 2020-09-24
(current_events.rules)
  2844624 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-09-24
(current_events.rules)
  2844625 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI
(trojan.rules)
  2844626 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI
(trojan.rules)
  2844627 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI
(trojan.rules)
  2844628 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI
(trojan.rules)
  2844629 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI
(trojan.rules)
  2844630 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI
(trojan.rules)
  2844631 - ETPRO TROJAN Win32/Remcos RAT Checkin 544 (trojan.rules)
  2844632 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)
  2844633 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)
  2844634 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)
  2844635 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)
  2844636 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)

[///]     Modified active rules:     [///]

  2008567 - ET TROJAN Win32.Crypt.nc Checkin (trojan.rules)
  2009299 - ET TROJAN General Trojan Downloader (trojan.rules)
  2010288 - ET TROJAN W32/Scar Downloader Request (trojan.rules)
  2010756 - ET TROJAN Sasfis Botnet Client Reporting Back to Controller
After Command Execution (trojan.rules)
  2013694 - ET MOBILE_MALWARE Android/Netisend.A Posting Information to CnC
(mobile_malware.rules)
  2018326 - ET WEB_SPECIFIC_APPS JCE Joomla Extension
(web_specific_apps.rules)
  2018412 - ET TROJAN Trojan-Spy.Win32.Zbot.qgxi Checkin (trojan.rules)
  2018420 - ET TROJAN hacker87 checkin (trojan.rules)
  2018425 - ET TROJAN Vawtrak/NeverQuest - Post Data Form 01 (trojan.rules)
  2018435 - ET TROJAN W32/Hicrazyk.A Downloader Install CnC Beacon
(trojan.rules)
  2018448 - ET TROJAN Sefnit Checkin (trojan.rules)
  2018474 - ET TROJAN W32/HelloBridge.Backdoor Register CnC Beacon
(trojan.rules)
  2018475 - ET TROJAN W32/HelloBridge.Backdoor Login CnC Beacon
(trojan.rules)
  2018507 - ET TROJAN Trojan-Dropper.Win32.Agent.ksja (trojan.rules)
  2018520 - ET MOBILE_MALWARE AndroidOS/Lotoor.Q (mobile_malware.rules)
  2018530 - ET TROJAN Win32.Trojan.Agent.U3D7V0 Checkin (trojan.rules)
  2018532 - ET P2P zzima_loader (p2p.rules)
  2018552 - ET TROJAN Backdoor.Win32/Etumbot.B Requesting RC4 Key
(trojan.rules)
  2018556 - ET CURRENT_EVENTS SUSPICIOUS EXE Download from Google Common
Data Storage with no Referer (current_events.rules)
  2018582 - ET TROJAN Miuref/Boaxxe Checkin (trojan.rules)
  2018584 - ET MOBILE_MALWARE Andr/com.sdwiurse (mobile_malware.rules)
  2018585 - ET EXPLOIT Supermicro BMC Password Disclosure 1 (exploit.rules)
  2018586 - ET EXPLOIT Supermicro BMC Password Disclosure 2 (exploit.rules)
  2018601 - ET WEB_SERVER c99 Shell Backdoor Var Override URI
(web_server.rules)
  2018603 - ET WEB_SERVER c99 Shell Backdoor Var Override Client Body
(web_server.rules)
  2018605 - ET WEB_SPECIFIC_APPS TimThumb Remote Command Execution
(web_specific_apps.rules)
  2805819 - ETPRO TROJAN W32/Daws.AKWI!tr Checkin (trojan.rules)
  2805858 - ETPRO MOBILE_MALWARE Android/Adware.Wooboo.A Checkin
(mobile_malware.rules)
  2806049 - ETPRO TROJAN Trojan-Downloader.Win32.Small.fg Checkin
(trojan.rules)
  2806086 - ETPRO TROJAN QLowZones-6 Checkin (trojan.rules)
  2806120 - ETPRO TROJAN Variant.Strictor Trojan Selfupdate (exe.zip)
(trojan.rules)
  2806294 - ETPRO TROJAN Win32.Banload Trojan Checkin (trojan.rules)
  2806313 - ETPRO TROJAN Win32/Injector.AEDM Checkin (trojan.rules)
  2806474 - ETPRO TROJAN TR/Dldr.Delphi.Gen Checkin (trojan.rules)
  2806849 - ETPRO TROJAN Win32.Agent Trojan Checkin (trojan.rules)
  2807071 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.PS Checkin
(mobile_malware.rules)
  2807188 - ETPRO TROJAN Trojan.BHO Checkin (trojan.rules)
  2807343 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Cova.b Checkin 2
(mobile_malware.rules)
  2807358 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.bk Checkin
(mobile_malware.rules)
  2807425 - ETPRO TROJAN Win32.LockScreen Ransomware checkin (trojan.rules)
  2807476 - ETPRO TROJAN Win32/TrojanDownloader.Onkods.V Download
(trojan.rules)
  2807599 - ETPRO TROJAN Trojan.Downloader.gen.h Checkin (trojan.rules)
  2807629 - ETPRO TROJAN IRCBot.nih Trojan Checkin (trojan.rules)
  2807740 - ETPRO MOBILE_MALWARE Android.Trojan.SecretSpy.A Checkin
(mobile_malware.rules)
  2807784 - ETPRO TROJAN Win32/Kryptik.BVCB/Neutrino Bot (trojan.rules)
  2807937 - ETPRO TROJAN Trojan-Downloader.Win32.Genome.fxjh Checkin
(trojan.rules)
  2807940 - ETPRO TROJAN Backdoor.Win32.Agent.bg Checkin (trojan.rules)
  2807942 - ETPRO TROJAN Win32/Tearspear.A Checkin (trojan.rules)
  2807944 - ETPRO TROJAN Win32.StartPage.aqin Checkin (trojan.rules)
  2807945 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Moavt.c Checkin
(mobile_malware.rules)
  2807946 - ETPRO TROJAN Backdoor.Win32.Rukap Checkin 2 (trojan.rules)
  2807949 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.ft Checkin 2
(mobile_malware.rules)
  2807956 - ETPRO TROJAN Win32/AntiAV.NIN Download (trojan.rules)
  2807959 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.az Checkin
(mobile_malware.rules)
  2807960 - ETPRO TROJAN AutoIt/Clodow.gen!A (trojan.rules)
  2807962 - ETPRO TROJAN Trojan-PSW.Win32.Tepfer.tlha Checkin (trojan.rules)
  2807963 - ETPRO TROJAN Win32.Induc.O Checkin (trojan.rules)
  2807964 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ig Checkin
(mobile_malware.rules)
  2807965 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.ABQ Checkin
(mobile_malware.rules)
  2807974 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
  2807976 - ETPRO TROJAN Trojan.Win32.Swisyn.dcit Checkin (trojan.rules)
  2807986 - ETPRO TROJAN Win32.Inject.mrep Checkin (trojan.rules)
  2807991 - ETPRO TROJAN Worm.Win32.VBNA.b Checkin 2 (trojan.rules)
  2807994 - ETPRO TROJAN Trojan-Downloader.Win32.Zlob.aep Checkin
(trojan.rules)
  2807997 - ETPRO TROJAN Worm.Win32.VBNA.b Checkin 5 (trojan.rules)
  2808006 - ETPRO MOBILE_MALWARE Android/MobileSpy.C!mfb Checkin
(mobile_malware.rules)
  2808009 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.SmBox.a Checkin
(mobile_malware.rules)
  2808011 - ETPRO EXPLOIT Apache Struts ClassLoader Remote Code Execution
(exploit.rules)
  2808012 - ETPRO TROJAN Win32/Tofsee.AX google.com connectivity check
(trojan.rules)
  2808013 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.o Checkin 3
(mobile_malware.rules)
  2808015 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.o Checkin 5
(mobile_malware.rules)
  2808016 - ETPRO TROJAN Win32/FakeInit.A Checkin (trojan.rules)
  2808019 - ETPRO TROJAN Win32.Ransomlock Checkin (trojan.rules)
  2808022 - ETPRO WEB_SERVER PHP Open Flash Charts File  Upload Attempt
(web_server.rules)
  2808023 - ETPRO WEB_SERVER PHP Possible Open Flash Direct Access to File
Upload Directory (web_server.rules)
  2808026 - ETPRO TROJAN Trojan.Win32.Reconyc variant Checkin (trojan.rules)
  2808027 - ETPRO TROJAN Win32/Zbot.C Checkin (trojan.rules)
  2808033 - ETPRO TROJAN Win32.Banker.KMJ Checkin (trojan.rules)
  2808036 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.QO Checkin
(mobile_malware.rules)
  2808037 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.cw Checkin 2
(mobile_malware.rules)
  2808039 - ETPRO WEB_SERVER Microsoft SharePoint ThemeOverride reflected
XSS attempt (2014-1754) (web_server.rules)
  2808042 - ETPRO TROJAN MSIL/PSW.Agent.NUM Checkin (trojan.rules)
  2808046 - ETPRO MOBILE_MALWARE Android/AdDisplay.BatteryDoctor.A Checkin
2 (mobile_malware.rules)
  2808047 - ETPRO TROJAN Trojan.Win32.Agent.afaxi Checkin (trojan.rules)
  2808049 - ETPRO TROJAN Trojan.Win32.Reconyc.bicp Checkin (trojan.rules)
  2808059 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.de Checkin 3
(mobile_malware.rules)
  2808063 - ETPRO TROJAN Win32/Spy.Banker.AAVM Checkin (trojan.rules)
  2808066 - ETPRO MOBILE_MALWARE Android/SMSreg.GQ Checkin
(mobile_malware.rules)
  2808067 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Koler.a Checkin
(mobile_malware.rules)
  2808068 - ETPRO TROJAN Win32/Nadeomi.A Checkin (trojan.rules)
  2808073 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.bo Checkin 4
(mobile_malware.rules)
  2808075 - ETPRO MOBILE_MALWARE Android.Adware.KyView.A Checkin
(mobile_malware.rules)
  2808087 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Cynos.b Checkin
(mobile_malware.rules)
  2808088 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Cynos.b Checkin 2
(mobile_malware.rules)
  2808093 - ETPRO TROJAN Trojan-Downloader.Win32.Genome.gxkt Checkin
(trojan.rules)
  2808098 - ETPRO TROJAN Trojan-Downloader.Win32.Small.ago Checkin
(trojan.rules)
  2808099 - ETPRO TROJAN qq.com C2 - SET (trojan.rules)
  2808104 - ETPRO TROJAN Win32/HiddenStart.B Checkin (trojan.rules)
  2808117 - ETPRO TROJAN Win32.Reconyc.bqcf Checkin (trojan.rules)
  2808118 - ETPRO TROJAN Win32.LockScreen Checkin (trojan.rules)
  2808120 - ETPRO TROJAN Trojan-PSW.Win32.Tepfer.tlha Checkin (trojan.rules)
  2808121 - ETPRO TROJAN Trojan.DownLoader9.62529 Checkin (trojan.rules)
  2808123 - ETPRO MOBILE_MALWARE Android/SmsSend.AL Checkin
(mobile_malware.rules)
  2808124 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.J Checkin
(mobile_malware.rules)
  2808125 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gy Checkin
(mobile_malware.rules)
  2808127 - ETPRO MOBILE_MALWARE Android/AndroBack.A Checkin
(mobile_malware.rules)
  2808128 - ETPRO MOBILE_MALWARE Android/AndroBack.A Checkin 2
(mobile_malware.rules)
  2808130 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gl Checkin 2
(mobile_malware.rules)
  2808131 - ETPRO MOBILE_MALWARE Android.Trojan.FakeBank.K Checkin
(mobile_malware.rules)
  2808133 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fv Checkin
(mobile_malware.rules)
  2808135 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Checkin
(mobile_malware.rules)
  2808139 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Tramp.a Checkin
(mobile_malware.rules)
  2808140 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Tramp.a Checkin 2
(mobile_malware.rules)
  2808157 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.ep Checkin
(mobile_malware.rules)
  2808158 - ETPRO MOBILE_MALWARE RemoteAdmin.AndroidOS.Unfawa.a Checkin
(mobile_malware.rules)
  2808160 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 8
(mobile_malware.rules)
  2808162 - ETPRO TROJAN Trojan-Downloader.JS.Small.ps Checkin
(trojan.rules)
  2808163 - ETPRO TROJAN Trojan-Downloader.JS.Small.ps Checkin 2
(trojan.rules)
  2808164 - ETPRO TROJAN Win32/Meredrop Checkin (trojan.rules)
  2808165 - ETPRO TROJAN Win32/Injector.BCEU Checkin (trojan.rules)
  2808166 - ETPRO TROJAN TrojWare.Win32.Amtar.KNB Checkin 3 (trojan.rules)
  2808167 - ETPRO TROJAN Variant.Zusy.95263 Checkin (trojan.rules)
  2808171 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fidall.a Checkin
(mobile_malware.rules)
  2808172 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Acnetdoor.a Checkin
(mobile_malware.rules)
  2808180 - ETPRO MOBILE_MALWARE Android/Spy.Zitmo.B Checkin 4
(mobile_malware.rules)
  2808181 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.CF Checkin
(mobile_malware.rules)
  2808182 - ETPRO MOBILE_MALWARE Andr/SMSSend-J Checkin
(mobile_malware.rules)
  2808191 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FakeFlash.c Checkin
(mobile_malware.rules)
  2808192 - ETPRO TROJAN Win32/Boda Checkin (trojan.rules)
  2808195 - ETPRO TROJAN Strictor (trojan.rules)
  2808196 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.EQ Checkin
(mobile_malware.rules)
  2808198 - ETPRO MOBILE_MALWARE Android/SMSreg.GB Checkin
(mobile_malware.rules)
  2808203 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Boqx.a Checkin
(mobile_malware.rules)
  2808204 - ETPRO MOBILE_MALWARE AndroidOS.FakeInst.NX Checkin
(mobile_malware.rules)
  2808205 - ETPRO MOBILE_MALWARE AndroidOS.FakeInst.NX Checkin 2
(mobile_malware.rules)
  2808206 - ETPRO MOBILE_MALWARE AndroidOS/MobileSpy.O Checkin
(mobile_malware.rules)
  2808210 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.WV Checkin
(mobile_malware.rules)
  2808214 - ETPRO MOBILE_MALWARE Android.Riskware.Agent.XAB Checkin
(mobile_malware.rules)
  2808215 - ETPRO MOBILE_MALWARE Andr/SMSReg (mobile_malware.rules)
  2808217 - ETPRO MOBILE_MALWARE Teap.A Checkin (mobile_malware.rules)
  2808218 - ETPRO TROJAN Win32/Necurs Checkin 1 (trojan.rules)
  2808221 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AO Checkin
(mobile_malware.rules)
  2808222 - ETPRO MOBILE_MALWARE Android Spyoo-J Checkin
(mobile_malware.rules)
  2808224 - ETPRO MOBILE_MALWARE Android Spyoo-J Checkin 3
(mobile_malware.rules)
  2808225 - ETPRO MOBILE_MALWARE Android/Tekwon.A Checkin
(mobile_malware.rules)
  2808227 - ETPRO TROJAN Trojan-Dropper.Win32.Daws.cgrk Checkin
(trojan.rules)
  2808228 - ETPRO TROJAN Backdoor.Win32.Mokes Checkin (trojan.rules)
  2808229 - ETPRO TROJAN Win32/Miracovecz Download Request (trojan.rules)
  2808235 - ETPRO TROJAN Trojan-Downloader.VBS.Agent.aim Retrieving .exe
(trojan.rules)
  2808238 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Mazig.a Checkin
(mobile_malware.rules)
  2808239 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Mazig.a Checkin 2
(mobile_malware.rules)
  2808240 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Mazig.a Checkin 3
(mobile_malware.rules)
  2808241 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.A Checkin 2
(mobile_malware.rules)
  2808242 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.BY Checkin
(mobile_malware.rules)
  2808243 - ETPRO TROJAN Win32.Agent.agpdx Executable location retrieval
(trojan.rules)
  2808246 - ETPRO MOBILE_MALWARE SMSReg.CW Checkin (mobile_malware.rules)
  2808250 - ETPRO TROJAN Win32.Dorgam.qze Checkin 3 (trojan.rules)
  2808253 - ETPRO TROJAN Win32.Dorgam.qze Checkin 1 (trojan.rules)
  2808254 - ETPRO TROJAN Win32.Dorgam.qze Checkin 2 (trojan.rules)
  2808256 - ETPRO TROJAN Win32/Blacked Checkin (trojan.rules)
  2808258 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin 2
(mobile_malware.rules)
  2808266 - ETPRO TROJAN Win32/ProxyChanger.EO Checkin (trojan.rules)
  2808267 - ETPRO TROJAN Win32.Pandemiya Checkin (trojan.rules)
  2808269 - ETPRO TROJAN Trojan-Banker.Win32.ChePro Checkin (trojan.rules)
  2843993 - ETPRO TROJAN Taurus Stealer CnC Activity (trojan.rules)
  2843994 - ETPRO TROJAN Taurus Stealer CnC Exfil M2 (trojan.rules)
  2844606 - ETPRO INFO Suspicious User-Agent IE and Windows Versions With
No Separating Space (info.rules)

[---]  Disabled and modified rules:  [---]

  2808032 - ETPRO TROJAN Win32/Zbot.BX Checkin (trojan.rules)

Date:
Summary title:
2 new OPEN, 24 new PRO (2 + 22). Exorcist 2.0, PS/SunCrypt, Android/XinaBat, VARIOUS PHISH, Cobalt Strike, Glupteba, IcedID, Remcos.