[***]            Summary:            [***]

7 new OPEN, 16 new PRO (7 + 9). AsyncRAT, TA428 Malware, Shifty Gopher, and VARIOUS Phishing.
  
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030916 - ET TROJAN APT39/Chafer Payload - CnC Checkin M2 (trojan.rules)
  2030935 - ET TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
  2030936 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on CodeSandbox.io M5 (current_events.rules)
  2030937 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on CodeSandbox.io M6 (current_events.rules)
  2030938 - ET TROJAN TA428 Tmanger Checkin (trojan.rules)
  2030939 - ET TROJAN TA428 Infostealer CnC Host Checkin (trojan.rules)
  2030940 - ET MOBILE_MALWARE TransparentTribe AhMyth RAT Variant Activity (POST) (mobile_malware.rules)

Pro:

  2844720 - ETPRO TROJAN Win32./Unk.AnonJVM Stealer CnC Activity (trojan.rules)
  2844721 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-01 (current_events.rules)
  2844722 - ETPRO TROJAN Shifty Gopher CnC Host Checkin (trojan.rules)
  2844723 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-01 1) (trojan.rules)
  2844724 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-10-01 (current_events.rules)
  2844725 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-01 (current_events.rules)
  2844726 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-10-01 (current_events.rules)
  2844727 - ETPRO CURRENT_EVENTS Generic Chase Phishing Panel Accessed on Externally Compromised Server (current_events.rules)
  2844728 - ETPRO CURRENT_EVENTS Generic Chase Phishing Panel Accessed on Internally Compromised Server (current_events.rules)

[///]     Modified active rules:     [///]

  2021118 - ET TROJAN SPEAR CnC Beacon (trojan.rules)
  2021119 - ET TROJAN SPEAR CnC Beacon 2 (trojan.rules)
  2021132 - ET TROJAN JavaScriptBackdoor HTTP GET CnC Beacon (trojan.rules)
  2021139 - ET TROJAN H1N1 Loader CnC Beacon M1 (trojan.rules)
  2021142 - ET TROJAN Win32/Bancos URL Structure (trojan.rules)
  2021143 - ET TROJAN MSIL/Autorun.AD Checkin (trojan.rules)
  2804642 - ETPRO POLICY Remote Manipulator Init Connect (policy.rules)
  2809554 - ETPRO MOBILE_MALWARE Android.Trojan.Kysn.A Checkin (mobile_malware.rules)
  2809589 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.SO Checkin (mobile_malware.rules)
  2810758 - ETPRO TROJAN ReactorBot HTTP POST CnC Beacon 1 (trojan.rules)
  2810759 - ETPRO TROJAN ReactorBot HTTP POST CnC Beacon 2 (trojan.rules)
  2810974 - ETPRO CURRENT_EVENTS Fiesta EK IE Flash Exploit T1 (current_events.rules)
  2810978 - ETPRO TROJAN Win32.Trojan.Black.Asdr Checkin (trojan.rules)
  2810979 - ETPRO TROJAN Win32.Trojan.Black.Asdr Dropping EXE (trojan.rules)
  2811001 - ETPRO TROJAN Win32.Dizkatun Checkin (trojan.rules)
  2811029 - ETPRO TROJAN Pacman Ransomware C2 locked.php (trojan.rules)
  2811032 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.IH Checkin (mobile_malware.rules)
  2811036 - ETPRO WEB_SPECIFIC_APPS CRUCMS Crucial Networking SQLi Attempt (projects-cat.php) (web_specific_apps.rules)
  2811038 - ETPRO MOBILE_MALWARE Android.Adware.Dowgin.EI Checkin (mobile_malware.rules)
  2811042 - ETPRO TROJAN Alphacrypt CnC Beacon (trojan.rules)
  2811057 - ETPRO TROJAN Python.A CnC Beacon (trojan.rules)
  2811060 - ETPRO WEB_SPECIFIC_APPS WP Plugin FeedWordPress v2015.0426 SQLi Attempt (web_specific_apps.rules)
  2811066 - ETPRO WEB_SPECIFIC_APPS WP Symposium Plugin 1.4 SQLi Attempt (web_specific_apps.rules)
  2811070 - ETPRO MOBILE_MALWARE Android.Trojan.MemPoDroid.A Checkin (mobile_malware.rules)
  2811080 - ETPRO TROJAN Win32/Banmailo.A Checkin (trojan.rules)
  2811095 - ETPRO MOBILE_MALWARE PUP Android/Dianjin.B Checkin (mobile_malware.rules)
  2811096 - ETPRO MOBILE_MALWARE Android PUP SMSAgent-AVA Checkin (mobile_malware.rules)
  2811116 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.IB Checkin 2 (mobile_malware.rules)
  2811117 - ETPRO MOBILE_MALWARE Android/AdDisplay.Kuguo.N Checkin (mobile_malware.rules)
  2811123 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.du Checkin 2 (mobile_malware.rules)
  2811141 - ETPRO TROJAN WORM.WIN32/GOLDRV.A Checkin (trojan.rules)
  2811142 - ETPRO TROJAN P2P-WORM.WIN32.DELF.AO Checkin (trojan.rules)
  2811156 - ETPRO MOBILE_MALWARE Trojan.Android.Clicker.J Checkin (mobile_malware.rules)
  2811158 - ETPRO TROJAN WIN32/MEWSEI.A Checkin (trojan.rules)
  2811159 - ETPRO MOBILE_MALWARE Android/Agent.GG Checkin (mobile_malware.rules)
  2811188 - ETPRO TROJAN Possible Bedep Timezone/Connectivity Check (trojan.rules)
  2811191 - ETPRO WEB_SPECIFIC_APPS WP Contus Video Gallery Plugin 2.8 Unprotected Mail Page Abuse (web_specific_apps.rules)
  2811197 - ETPRO WEB_SPECIFIC_APPS WP WordPress Free Counter Plugin Stored XSS Exploit (web_specific_apps.rules)
  2822039 - ETPRO CURRENT_EVENTS Successful Generic Phish 2016-09-08 (current_events.rules)
  2830404 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-04-16 (current_events.rules)

[---]  Disabled and modified rules:  [---]

  2021091 - ET TROJAN VaultCrypt Checkin (trojan.rules)
  2021095 - ET TROJAN Putty SSH Credential Stealer (trojan.rules)
  2021122 - ET TROJAN Worm.VBS.Jenxcus.H URL Structure (trojan.rules)
  2021166 - ET TROJAN PunkeyPOS HTTP CnC Beacon 7 (trojan.rules)
  2021167 - ET TROJAN PunkeyPOS HTTP CnC Beacon 8 (trojan.rules)
  2021174 - ET MOBILE_MALWARE Android.Trojan.SLocker.DZ Checkin (mobile_malware.rules)
  2808788 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fb Checkin (mobile_malware.rules)
  2808799 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.LJ Checkin (mobile_malware.rules)
  2810922 - ETPRO TROJAN PolloLocker PS1 Script Download Request (trojan.rules)
  2811028 - ETPRO TROJAN Pacman Ransomware C2 crypted.php (trojan.rules)
  2811078 - ETPRO MOBILE_MALWARE Android/Haynu.A Checkin (mobile_malware.rules)
  2811103 - ETPRO TROJAN Win32.BitMin Variant CnC Beacon (trojan.rules)
  2811118 - ETPRO TROJAN Win32.S.Agent.72704 Checkin (trojan.rules)
  2811119 - ETPRO TROJAN Win32.S.Agent.72704 Checkin 2 (trojan.rules)
  2811169 - ETPRO TROJAN BACKDOOR.MSIL.AGENT.QEW Checkin (trojan.rules)
  2811172 - ETPRO TROJAN Ransomware WIN32/MALEX.GEN!E Checkin (trojan.rules)
  2811189 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.en Checkin (mobile_malware.rules)
  2811214 - ETPRO TROJAN Win32.Reconyc Variant Checkin (trojan.rules)

[---]         Removed rules:         [---]

  2030916 - ET MALWARE APT39/Chafer Payload - CnC Checkin M2 (malware.rules)
