[***]            Summary:            [***]

2 new OPEN, 29 new PRO (2 + 27).  Jupyter Stealer, AsyncRAT, Various Phish, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2017900 - ET EXPLOIT Metasploit 2013-3346 (exploit.rules)
  2031233 - ET TROJAN Win32/Unk.ASNBot CnC Activity (trojan.rules)

Pro:

  2845629 - ETPRO TROJAN Observed Possible Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2845630 - ETPRO TROJAN Win32/Unk.FakeFlash Install Activity (trojan.rules)
  2845631 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-11-24 (current_events.rules)
  2845632 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-24 1) (trojan.rules)
  2845633 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-24 2) (trojan.rules)
  2845634 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-24 3) (trojan.rules)
  2845635 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-24 4) (trojan.rules)
  2845636 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-24 5) (trojan.rules)
  2845637 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-24 6) (trojan.rules)
  2845638 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-24 7) (trojan.rules)
  2845639 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-11-24 (current_events.rules)
  2845640 - ETPRO CURRENT_EVENTS Successful Galicia Phish 2020-11-24 (current_events.rules)
  2845641 - ETPRO CURRENT_EVENTS Successful Galicia Phish 2020-11-24 (current_events.rules)
  2845642 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-11-24 (current_events.rules)
  2845643 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-11-24 (current_events.rules)
  2845644 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-11-24 (current_events.rules)
  2845645 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-11-24 (current_events.rules)
  2845646 - ETPRO CURRENT_EVENTS Successful Orange FR Phish 2020-11-24 (current_events.rules)
  2845647 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-11-24 (current_events.rules)
  2845648 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2020-11-24 (current_events.rules)
  2845649 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-11-24 (current_events.rules)
  2845650 - ETPRO TROJAN Win32/VB.OPL Variant Checkin via IRC (trojan.rules)
  2845651 - ETPRO TROJAN Win32/Rbot.NAD Variant Checkin via IRC (trojan.rules)
  2845652 - ETPRO TROJAN Win32/Detroie.A Checkin via IRC (trojan.rules)
  2845653 - ETPRO INFO Clickmeter Tracking Pixel (info.rules)
  2845654 - ETPRO CURRENT_EVENTS Successful Instagram Credential Phish 2020-11-24 (current_events.rules)
  2845655 - ETPRO TROJAN Jupyter Stealer Activity (POST) (trojan.rules)

[///]     Modified active rules:     [///]

  2016297 - ET CURRENT_EVENTS Malicious iframe (current_events.rules)
  2016810 - ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert (2) (current_events.rules)
  2019345 - ET CURRENT_EVENTS Possible CryptoLocker TorComponent DL (current_events.rules)
  2019395 - ET CURRENT_EVENTS Possible SandWorm INF Download (current_events.rules)
  2019397 - ET CURRENT_EVENTS Possible SandWorm INF Download (UNICODE) (current_events.rules)
  2019398 - ET CURRENT_EVENTS Possible SandWorm INF Download (SMB) (current_events.rules)
  2019399 - ET CURRENT_EVENTS Possible SandWorm INF Download (SMB UNICODE) (current_events.rules)
  2019714 - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile (current_events.rules)
  2020622 - ET CURRENT_EVENTS rechnung zip file download (current_events.rules)
  2020911 - ET CURRENT_EVENTS Likely Trojan Multi-part Macro Download M1 (current_events.rules)
  2021092 - ET CURRENT_EVENTS Download file with BITS via LNK file (Likely Malicious) (current_events.rules)
  2021312 - ET CURRENT_EVENTS Likely Malicious wininet UA Downloading EXE (current_events.rules)
  2021951 - ET CURRENT_EVENTS Possible Magento Directory Traversal Attempt (current_events.rules)
  2022050 - ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 (current_events.rules)
  2022051 - ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 (current_events.rules)
  2022053 - ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 (current_events.rules)
  2022653 - ET CURRENT_EVENTS Likely Evil EXE download from WinHttpRequest non-exe extension (current_events.rules)
  2022841 - ET CURRENT_EVENTS Possible ReactorBot .bin Download (current_events.rules)
  2022939 - ET CURRENT_EVENTS Possible Pony DLL Download (current_events.rules)
  2023754 - ET CURRENT_EVENTS Malicious JS.Nemucod to PS Dropping PE Nov 14 M2 (current_events.rules)
  2807460 - ETPRO TROJAN DDoS.Win32/Nitol.gen!A Checkin (trojan.rules)
  2838496 - ETPRO TROJAN Win32/Qbot CnC Activity (trojan.rules)
  2845544 - ETPRO TROJAN Observed Possible Malicious SSL Cert (AsyncRAT) (trojan.rules)

[///]    Modified inactive rules:    [///]

  2012504 - ET CURRENT_EVENTS Excel with Embedded .emf object downloaded (current_events.rules)
  2012646 - ET CURRENT_EVENTS Malicious JAR olig (current_events.rules)
  2014038 - ET CURRENT_EVENTS MALVERTISING OpenX BrowserDetect.init Download (current_events.rules)
  2014039 - ET CURRENT_EVENTS MALVERTISING Alureon Malicious IFRAME (current_events.rules)
  2014805 - ET CURRENT_EVENTS Unknown java_ara Bin Download (current_events.rules)
  2014927 - ET CURRENT_EVENTS Unknown Java Malicious Jar /eeltff.jar (current_events.rules)
  2015024 - ET CURRENT_EVENTS Incognito - Malicious PDF Requested - /getfile.php (current_events.rules)
  2015517 - ET CURRENT_EVENTS .HTM being served from WP 1-flash-gallery Upload DIR (likely malicious) (current_events.rules)
  2016298 - ET CURRENT_EVENTS Malicious iframe (current_events.rules)
  2017032 - ET CURRENT_EVENTS MALVERTISING Flash - URI - /loading?vkn= (current_events.rules)
  2017546 - ET CURRENT_EVENTS Possible FortDisco POP3 Site list download (current_events.rules)
  2017628 - ET CURRENT_EVENTS Possible Sakura Jar Download Oct 22 2013 (current_events.rules)
  2017660 - ET CURRENT_EVENTS Malicious Cookie Set By Flash Malvertising (current_events.rules)
  2017664 - ET CURRENT_EVENTS Fredcot campaign payload download (current_events.rules)
  2017711 - ET CURRENT_EVENTS Possible Fake Codec Download (current_events.rules)
  2018029 - ET CURRENT_EVENTS ehow/livestrong Malicious Flash 10/11 (current_events.rules)
  2018086 - ET CURRENT_EVENTS Possible malicious zipped-executable (current_events.rules)
  2018103 - ET CURRENT_EVENTS TecSystems (Possible Mask) Signed PE EXE Download (current_events.rules)
  2018352 - ET CURRENT_EVENTS Possible FakeAV binary download (setup) (current_events.rules)
  2018439 - ET CURRENT_EVENTS Common Bad Actor Indicators Used in Various Targeted 0-day Attacks (current_events.rules)
  2018539 - ET CURRENT_EVENTS TorExplorer Certificate - Potentially Linked To W32/Cryptowall.Ransomware (current_events.rules)
  2018963 - ET CURRENT_EVENTS ZeroLocker EXE Download (current_events.rules)
  2019595 - ET CURRENT_EVENTS FlashPack Payload Download Oct 29 (current_events.rules)
  2020838 - ET CURRENT_EVENTS Malicious Doc Downloading EXE (current_events.rules)
  2021429 - ET CURRENT_EVENTS Possible IE MSMXL Detection of Local DLL (Likely Malicious) (current_events.rules)
  2021430 - ET CURRENT_EVENTS Possible IE MSMXL Detection of Local SYS (Likely Malicious) (current_events.rules)

[---]         Removed rules:         [---]

  2017900 - ET CURRENT_EVENTS Metasploit 2013-3346 (current_events.rules)
