[***]            Summary:            [***]

13 new OPEN, 41 new PRO (13 + 28).  Bazaloader, Remcos, T-RAT, Various Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031072 - ET TROJAN Mustang Panda/RedDelta Activity (trojan.rules)
  2031074 - ET TROJAN Win32/Kryptik.HGXH Variant Activity (trojan.rules)
  2031075 - ET WEB_SERVER Generic File Upload Accessed on Internal Compromised Server (web_server.rules)
  2031076 - ET WEB_CLIENT Generic File Upload Accessed on External Compromised Server (web_client.rules)
  2031077 - ET WEB_SERVER Generic Mailer Accessed on Internal Compromised Server (web_server.rules)
  2031078 - ET WEB_CLIENT Generic Mailer Accessed on External Compromised Server (web_client.rules)
  2031079 - ET WEB_SERVER Generic Mailer Accessed on Internal Compromised Server (web_server.rules)
  2031080 - ET WEB_CLIENT Generic Mailer Accessed on External Compromised Server (web_client.rules)
  2031081 - ET TROJAN Possible T-RAT Encrypted Zip Request (trojan.rules)
  2031082 - ET MALWARE FLV/Youtube Downloader Install Activity (malware.rules)
  2031083 - ET POLICY File Downloaded from Discord (policy.rules)
  2031084 - ET TROJAN Bazaloader Variant Activity (trojan.rules)
  2031085 - ET TROJAN Bazaloader Variant Activity (trojan.rules)

Pro:

  2845081 - ETPRO MOBILE_MALWARE Android/Denglu Config Download (mobile_malware.rules)
  2845082 - ETPRO MOBILE_MALWARE Android/Hiddad.AJA DNS Lookup (mobile_malware.rules)
  2845083 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.OJNF-2 Reporting Location (mobile_malware.rules)
  2845084 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Ahmyth.d Checkin (mobile_malware.rules)
  2845085 - ETPRO MOBILE_MALWARE Android.DownLoader.861 Checkin (mobile_malware.rules)
  2845086 - ETPRO TROJAN MalDoc Requesting Payload 2020-10-21 (trojan.rules)
  2845087 - ETPRO TROJAN Observed Malicious Filename in Content-Disposition Inbound (mimikatz) (trojan.rules)
  2845088 - ETPRO TROJAN Observed Malicious Filename in Content-Disposition Inbound (keylogger) (trojan.rules)
  2845089 - ETPRO TROJAN Observed GET Request for mimikatz.exe (trojan.rules)
  2845090 - ETPRO TROJAN Cobalt Strike Malleable C2 (Microsoft CDN Profile) (trojan.rules)
  2845091 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-22 1) (trojan.rules)
  2845092 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-22 2) (trojan.rules)
  2845093 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-10-22 (current_events.rules)
  2845094 - ETPRO TROJAN Win32/Spy.Autoit.DD Variant CnC GeoIP Lookup (trojan.rules)
  2845095 - ETPRO TROJAN Win32/Spy.Autoit.DD Variant CnC Host Checkin (trojan.rules)
  2845096 - ETPRO TROJAN Win32/Spy.Autoit.DD Variant CnC Activity (trojan.rules)
  2845097 - ETPRO CURRENT_EVENTS Successful Microsoft Office Encrypted Document Phish 2020-10-22 (current_events.rules)
  2845098 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-10-22 (current_events.rules)
  2845099 - ETPRO CURRENT_EVENTS Successful Tangerine Phish 2020-10-22 (current_events.rules)
  2845100 - ETPRO TROJAN T-RAT Checkin via Telegram (trojan.rules)
  2845101 - ETPRO TROJAN Win32/TrojanDownloader.Agent.FGQ Variant CnC Activity (trojan.rules)
  2845102 - ETPRO TROJAN Win32/Remcos RAT Checkin 575 (trojan.rules)
  2845103 - ETPRO TROJAN Win32/Remcos RAT Checkin 576 (trojan.rules)
  2845104 - ETPRO TROJAN Win32/Remcos RAT Checkin 577 (trojan.rules)
  2845105 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2845106 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2845107 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2845108 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2020-10-22 (current_events.rules)

[///]     Modified active rules:     [///]

  2026039 - ET MOBILE_MALWARE [PTsecurity] Spyware.BondPath (PathCall/Dingwe) Check-in (mobile_malware.rules)
  2030878 - ET TROJAN MassLogger Client Exfil (POST) M3 (trojan.rules)
  2839557 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
  2839558 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
  2839559 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
  2845024 - ETPRO INFO Unusually Long ydns DynDNS Domain (info.rules)
  2845047 - ETPRO TROJAN Win32/Delf.BLT Variant CnC Activity (trojan.rules)

[---]         Disabled rules:        [---]

  2805914 - ETPRO TROJAN TrojanDownloader.Win32/Pluzoks.A CnC response (trojan.rules)

[---]         Removed rules:         [---]

  2031072 - ET MALWARE Mustang Panda/RedDelta Activity (malware.rules)
  2031074 - ET MALWARE Win32/Kryptik.HGXH Variant Activity (malware.rules)
