[***]            Summary:            [***]

0 new OPEN, 16 new PRO (0 + 16). Trojan.AndroidOS.Jocker.fl, Remcos, IcedID, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Pro:

  2844981 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.fl Checkin (mobile_malware.rules)
  2844982 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-16 (current_events.rules)
  2844983 - ETPRO CURRENT_EVENTS Successful Assurance Maladie Phish 2020-10-16 (current_events.rules)
  2844984 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-10-16 (current_events.rules)
  2844985 - ETPRO CURRENT_EVENTS Successful UnitedHealthcare Phish 2020-10-16 (current_events.rules)
  2844986 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-16 1) (trojan.rules)
  2844987 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-16 2) (trojan.rules)
  2844988 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-16 3) (trojan.rules)
  2844989 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-16 4) (trojan.rules)
  2844990 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Hosted on cf.appcloud.domain (current_events.rules)
  2844991 - ETPRO TROJAN Bazaloader Variant CnC Activity (trojan.rules)
  2844992 - ETPRO TROJAN Bazaloader Variant CnC Activity (trojan.rules)
  2844993 - ETPRO TROJAN Bazaloader Variant CnC Activity (trojan.rules)
  2844994 - ETPRO TROJAN Win32/Remcos RAT Checkin 564 (trojan.rules)
  2844995 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844996 - ETPRO TROJAN Observed AZORULT Domain in TLS SNI (trojan.rules)

[///]     Modified active rules:     [///]

  2002874 - ET USER_AGENTS Metafisher/Goldun User-Agent (z) (user_agents.rules)
  2003622 - ET USER_AGENTS Suspicious User-Agent outbound (bot) (user_agents.rules)
  2003645 - ET TROJAN Generic.Malware.SFL User-Agent (Rescue/9.11) (trojan.rules)
  2003927 - ET USER_AGENTS Suspicious User-Agent (HTTPTEST) - Seen used by downloaders (user_agents.rules)
  2003933 - ET TROJAN Banker.Delf User-Agent (Ms) (trojan.rules)
  2004440 - ET TROJAN Banload User-Agent Detected (ExampleDL) (trojan.rules)
  2006364 - ET USER_AGENTS Dialer-967 User-Agent (user_agents.rules)
  2006365 - ET USER_AGENTS Suspicious User-Agent (MYURL) (user_agents.rules)
  2006387 - ET USER_AGENTS Downloader User-Agent Detected (Windows Updates Manager|3.12|...) (user_agents.rules)
  2006394 - ET USER_AGENTS Downloader User-Agent Detected (ld) (user_agents.rules)
