Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/12/07

[***]            Summary:            [***]

3 new OPEN, 48 new PRO (3 + 45). Android Spy DraconianPin, Win32/Backport Backdoor, VBS/xProRat CnC, and VARIOUS PHISH.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031261 - ET TROJAN Observed Jupyter Stealer CnC Domain (gogohid .com in
TLS SNI) (trojan.rules)
  2031262 - ET TROJAN Observed Jupyter Stealer CnC Domain (blackl1vesmatter
.org in TLS SNI) (trojan.rules)
  2031263 - ET TROJAN Observed Jupyter Stealer CnC Domain (vincentolife .com
in TLS SNI) (trojan.rules)

Pro:

  2845829 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Location
(mobile_malware.rules)
  2845830 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Calls
(mobile_malware.rules)
  2845831 - ETPRO MOBILE_MALWARE Android Spy DraconianPin AddUser
(mobile_malware.rules)
  2845832 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Checkin
(mobile_malware.rules)
  2845833 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Contact
List (mobile_malware.rules)
  2845834 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Incoming
Calls (mobile_malware.rules)
  2845835 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting App List
(mobile_malware.rules)
  2845836 - ETPRO MOBILE_MALWARE Android Spy LuckyLeader Checkin
(mobile_malware.rules)
  2845837 - ETPRO MOBILE_MALWARE Android.SmsSend.1359.origin Checkin
(mobile_malware.rules)
  2845838 - ETPRO MOBILE_MALWARE Android.Agent.GEN24784 Checkin
(mobile_malware.rules)
  2845839 - ETPRO MOBILE_MALWARE Android.fyben.a Checkin
(mobile_malware.rules)
  2845840 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Piom.ly CnC Beacon
(mobile_malware.rules)
  2845841 - ETPRO MOBILE_MALWARE Android/Hiddad.AKP CnC Beacon
(mobile_malware.rules)
  2845842 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.OJNF-2 Checkin
(mobile_malware.rules)
  2845843 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hydra Checkin
(mobile_malware.rules)
  2845844 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hydra Checkin 2
(mobile_malware.rules)
  2845845 - ETPRO MOBILE_MALWARE Android Spy RemoteAssist Checkin
(mobile_malware.rules)
  2845846 - ETPRO MOBILE_MALWARE Android DynamicParam Reporting Location
(mobile_malware.rules)
  2845847 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Easylogger.b Checkin
(mobile_malware.rules)
  2845848 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.GQH Checkin
(mobile_malware.rules)
  2845849 - ETPRO TROJAN Win32/Backport Backdoor Checkin via SMTP
(trojan.rules)
  2845850 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2845851 - ETPRO POLICY External Geo/Timezone Lookup via api .timezonedb
.com (policy.rules)
  2845852 - ETPRO TROJAN MalDoc Retrieving Payload 2020-12-07 (set)
(trojan.rules)
  2845853 - ETPRO TROJAN MalDoc Retrieving Payload 2020-12-07 (trojan.rules)
  2845854 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-05 1) (trojan.rules)
  2845855 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-05 2) (trojan.rules)
  2845856 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-05 3) (trojan.rules)
  2845857 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2020-12-07
(current_events.rules)
  2845858 - ETPRO CURRENT_EVENTS Successful Intesa Sanpaolo Phish 2020-12-07
(current_events.rules)
  2845859 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2020-12-07
(current_events.rules)
  2845860 - ETPRO CURRENT_EVENTS Successful USPS Phish 2020-12-07
(current_events.rules)
  2845861 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
2020-12-07 (current_events.rules)
  2845862 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-12-07
(current_events.rules)
  2845863 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2845864 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2845865 - ETPRO TROJAN VBS/xProRat CnC Host Checkin (trojan.rules)
  2845866 - ETPRO TROJAN VBS/xProRat CnC Activity (trojan.rules)
  2845867 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-12-07 (current_events.rules)
  2845868 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-12-07
(current_events.rules)
  2845869 - ETPRO CURRENT_EVENTS Successful Boursorama Banque Phish
2020-12-07 (current_events.rules)
  2845870 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-12-07
(current_events.rules)
  2845871 - ETPRO TROJAN Jupyter Stealer CnC Server Response (trojan.rules)
  2845872 - ETPRO TROJAN Win32/Remcos RAT Checkin 627 (trojan.rules)
  2845873 - ETPRO CURRENT_EVENTS Successful UBS Phish 2020-12-07
(current_events.rules)

[///]     Modified active rules:     [///]

  2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
  2030393 - ET TROJAN Jupyter Stealer Reporting System Information
(trojan.rules)
  2842012 - ETPRO TROJAN External Template Request for .dot (trojan.rules)
  2845565 - ETPRO CURRENT_EVENTS Successful Metrobank Credential Phish
2020-11-18 (current_events.rules)
  2845655 - ETPRO TROJAN Jupyter Stealer Activity (POST) (trojan.rules)

Date:
Summary title:
3 new OPEN, 48 new PRO (3 + 45). Android Spy DraconianPin, Win32/Backport Backdoor, VBS/xProRat CnC, and VARIOUS PHISH.