[***]            Summary:            [***]

3 new OPEN, 87 new PRO (3 + 85). AHK.CREDSTEALER.A, Android McData, Multiple Android/Obfus.RJ, AsyncRAT, Win32/GoChromeStealer, VARIOUS PHISH.

Today it is Friday.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031433 - ET TROJAN AHK.CREDSTEALER.A MalDoc Retrieving Payload
(trojan.rules)
  2031434 - ET TROJAN AHK.CREDSTEALER.A CnC Activity (trojan.rules)
  2031435 - ET TROJAN AHK.CREDSTEALER.A CnC Exfil (trojan.rules)

Pro:

  2846100 - ETPRO MOBILE_MALWARE Android McData CnC Beacon
(mobile_malware.rules)
  2846101 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 1
(mobile_malware.rules)
  2846102 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 2
(mobile_malware.rules)
  2846103 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 3
(mobile_malware.rules)
  2846104 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 4
(mobile_malware.rules)
  2846105 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 5
(mobile_malware.rules)
  2846106 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 6
(mobile_malware.rules)
  2846107 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 7
(mobile_malware.rules)
  2846108 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 8
(mobile_malware.rules)
  2846109 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 9
(mobile_malware.rules)
  2846110 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 10
(mobile_malware.rules)
  2846111 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 11
(mobile_malware.rules)
  2846112 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 12
(mobile_malware.rules)
  2846113 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 13
(mobile_malware.rules)
  2846114 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 14
(mobile_malware.rules)
  2846115 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 15
(mobile_malware.rules)
  2846116 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 16
(mobile_malware.rules)
  2846117 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 17
(mobile_malware.rules)
  2846118 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.cf (TLS SNI)
(mobile_malware.rules)
  2846119 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Iconosys.a (TLS SNI)
(mobile_malware.rules)
  2846120 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 18
(mobile_malware.rules)
  2846121 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 19
(mobile_malware.rules)
  2846122 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 20
(mobile_malware.rules)
  2846123 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 21
(mobile_malware.rules)
  2846124 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 22
(mobile_malware.rules)
  2846125 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.cf (TLS
SNI) (mobile_malware.rules)
  2846126 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 23
(mobile_malware.rules)
  2846127 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 24
(mobile_malware.rules)
  2846128 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.YB (TLS SNI) 1
(mobile_malware.rules)
  2846129 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.YB (TLS SNI) 2
(mobile_malware.rules)
  2846130 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.YB (TLS SNI) 3
(mobile_malware.rules)
  2846131 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.YB (TLS SNI) 4
(mobile_malware.rules)
  2846132 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 25
(mobile_malware.rules)
  2846133 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 26
(mobile_malware.rules)
  2846134 - ETPRO MOBILE_MALWARE Android/Monitor.SpyPhone.K (TLS SNI)
(mobile_malware.rules)
  2846135 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.BQH (TLS SNI) 1
(mobile_malware.rules)
  2846136 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.BQH (TLS SNI) 2
(mobile_malware.rules)
  2846137 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.cf (TLS SNI) 2
(mobile_malware.rules)
  2846138 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 27
(mobile_malware.rules)
  2846139 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 28
(mobile_malware.rules)
  2846140 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 29
(mobile_malware.rules)
  2846141 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 30
(mobile_malware.rules)
  2846142 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 31
(mobile_malware.rules)
  2846143 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 32
(mobile_malware.rules)
  2846144 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 33
(mobile_malware.rules)
  2846145 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 34
(mobile_malware.rules)
  2846146 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 35
(mobile_malware.rules)
  2846147 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 36
(mobile_malware.rules)
  2846148 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 37
(mobile_malware.rules)
  2846149 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 38
(mobile_malware.rules)
  2846150 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 39
(mobile_malware.rules)
  2846151 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 40
(mobile_malware.rules)
  2846152 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 41
(mobile_malware.rules)
  2846153 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 42
(mobile_malware.rules)
  2846154 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 43
(mobile_malware.rules)
  2846155 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 44
(mobile_malware.rules)
  2846156 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 45
(mobile_malware.rules)
  2846157 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 46
(mobile_malware.rules)
  2846158 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 47
(mobile_malware.rules)
  2846159 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 48
(mobile_malware.rules)
  2846160 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 49
(mobile_malware.rules)
  2846161 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 50
(mobile_malware.rules)
  2846162 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 51
(mobile_malware.rules)
  2846163 - ETPRO INFO Long Strings of Asterisk - Possible Exfil in POST
Body (info.rules)
  2846164 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2846165 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2846166 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2846167 - ETPRO CURRENT_EVENTS Successful Telus Phish 2020-12-18
(current_events.rules)
  2846168 - ETPRO CURRENT_EVENTS Successful Twitter Phish 2020-12-18
(current_events.rules)
  2846169 - ETPRO CURRENT_EVENTS Successful Naver Phish 2020-12-18
(current_events.rules)
  2846170 - ETPRO CURRENT_EVENTS Successful Cash App Phish 2020-12-18
(current_events.rules)
  2846171 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-12-18
(current_events.rules)
  2846172 - ETPRO TROJAN Win32/GoChromeStealer CnC Exfil (trojan.rules)
  2846173 - ETPRO TROJAN Ursnif CnC Domain in DNS Lookup (trojan.rules)
  2846174 - ETPRO TROJAN Ursnif CnC Domain in DNS Lookup (trojan.rules)
  2846175 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2846176 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2846177 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2846178 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2846179 - ETPRO CURRENT_EVENTS Possible CVE-2020-17140 Request SMBv2
(current_events.rules)
  2846180 - ETPRO INFO TDS Redirect DNS Lookup (daily-prize-best .life)
(info.rules)
  2846181 - ETPRO INFO TDS Redirect DNS Lookup (profit-strategy .life)
(info.rules)
  2846182 - ETPRO INFO TDS Redirect DNS Lookup (bonusclub-forme .life)
(info.rules)
  2846183 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-12-18
(current_events.rules)

[///]     Modified active rules:     [///]

  2015786 - ET TROJAN Ransom.Win32.Birele.gsg Checkin (trojan.rules)
  2022337 - ET TROJAN Win32.Nitol.K Variant CnC (trojan.rules)
  2025145 - ET TROJAN Win32/Backdoor.Randrew.A CnC Checkin (trojan.rules)
  2825793 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Info Exfil
(mobile_malware.rules)
  2825794 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC CnC Beacon 3
(mobile_malware.rules)
  2826245 - ETPRO CURRENT_EVENTS Astrum EK Landing M2 May 03 2017
(current_events.rules)
  2830535 - ETPRO MOBILE_MALWARE Android Trojan-Spy Simpkol Call Log Exfil
(mobile_malware.rules)
  2833296 - ETPRO TROJAN MSIL.WebBotnet.A Checkin (trojan.rules)
  2836237 - ETPRO MOBILE_MALWARE Android Spy Moez Checkin
(mobile_malware.rules)
  2839154 - ETPRO MOBILE_MALWARE Riskware.Android.Wooboo.cthjxd Reporting
Device Details (mobile_malware.rules)
  2845204 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.TB Checkin
(mobile_malware.rules)
  2845205 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rotexy.f Checkin
(mobile_malware.rules)
  2845223 - ETPRO MOBILE_MALWARE Android/Clicker.KN Checkin
(mobile_malware.rules)
  2845224 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.DQW Checkin
(mobile_malware.rules)
  2845255 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Fakenocam.d Checkin
(mobile_malware.rules)
  2845259 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AMH CnC Beacon
(mobile_malware.rules)
  2845260 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BAZ Checkin
(mobile_malware.rules)
  2845261 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Malban.b Checkin
(mobile_malware.rules)
  2845286 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.QX Checkin
(mobile_malware.rules)
  2845393 - ETPRO INFO Long String of Asterisks - Possible Exfil in URI
(info.rules)
  2845678 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.DarkShads.a Checkin
(mobile_malware.rules)
  2845679 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.DarkShads.a Checkin 2
(mobile_malware.rules)
  2845680 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.DarkShads.a Checkin 3
(mobile_malware.rules)
  2845689 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.ep / BankBot
Checkin (mobile_malware.rules)
  2845800 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Loozfon.a Checkin
(mobile_malware.rules)
  2845803 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.ib Checkin
(mobile_malware.rules)
  2845804 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Resharer.n Checkin
(mobile_malware.rules)
  2845805 - ETPRO MOBILE_MALWARE Android BooYou Reporting Contact List
(mobile_malware.rules)
  2845806 - ETPRO MOBILE_MALWARE Android Downloader Earthasquare Checkin
(mobile_malware.rules)
  2845807 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.ASOJ-0 Checkin
(mobile_malware.rules)
  2845808 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.g Checkin
(mobile_malware.rules)
  2845809 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.g Checkin 2
(mobile_malware.rules)
  2845810 - ETPRO MOBILE_MALWARE Android Downloader XiJinst Checkin
(mobile_malware.rules)
  2845811 - ETPRO MOBILE_MALWARE Android AutoSense Checkin
(mobile_malware.rules)
  2845812 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.aw Checkin
(mobile_malware.rules)
  2845813 - ETPRO MOBILE_MALWARE Trojan.Ewind.Android.846 Checkin
(mobile_malware.rules)
  2845815 - ETPRO MOBILE_MALWARE Android/Clicker.KN Checkin
(mobile_malware.rules)
  2845816 - ETPRO MOBILE_MALWARE Android/Plankton.I Checkin
(mobile_malware.rules)
  2845829 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting
Location (mobile_malware.rules)
  2845830 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Calls
(mobile_malware.rules)
  2845831 - ETPRO MOBILE_MALWARE Android Spy DraconianPin AddUser
(mobile_malware.rules)
  2845832 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Checkin
(mobile_malware.rules)
  2845833 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Contact
List (mobile_malware.rules)
  2845834 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting
Incoming Calls (mobile_malware.rules)
  2845835 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting App
List (mobile_malware.rules)
  2845836 - ETPRO MOBILE_MALWARE Android Spy LuckyLeader Checkin
(mobile_malware.rules)
  2845837 - ETPRO MOBILE_MALWARE Android.SmsSend.1359.origin Checkin
(mobile_malware.rules)
  2845838 - ETPRO MOBILE_MALWARE Android.Agent.GEN24784 Checkin
(mobile_malware.rules)
  2845839 - ETPRO MOBILE_MALWARE Android.fyben.a Checkin
(mobile_malware.rules)
  2845840 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Piom.ly CnC Beacon
(mobile_malware.rules)
  2845841 - ETPRO MOBILE_MALWARE Android/Hiddad.AKP CnC Beacon
(mobile_malware.rules)
  2845842 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.OJNF-2 Checkin
(mobile_malware.rules)
  2845843 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hydra Checkin
(mobile_malware.rules)
  2845844 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hydra Checkin 2
(mobile_malware.rules)
  2845845 - ETPRO MOBILE_MALWARE Android Spy RemoteAssist Checkin
(mobile_malware.rules)
  2845846 - ETPRO MOBILE_MALWARE Android DynamicParam Reporting Location
(mobile_malware.rules)
  2845847 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Easylogger.b Checkin
(mobile_malware.rules)
  2845848 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.GQH Checkin
(mobile_malware.rules)
  2845874 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Cloput.a
Checkin (mobile_malware.rules)
  2845875 - ETPRO MOBILE_MALWARE Android AdvertPop Checkin
(mobile_malware.rules)
  2845876 - ETPRO MOBILE_MALWARE Android/Hiddad.ARD Checkin
(mobile_malware.rules)
  2845877 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Knobot.g Checkin
(mobile_malware.rules)
  2845878 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.cf Checkin
(mobile_malware.rules)
  2845879 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.nz Checkin
(mobile_malware.rules)
  2845880 - ETPRO MOBILE_MALWARE Android.Smsthief.A96a Checkin
(mobile_malware.rules)
  2845881 - ETPRO MOBILE_MALWARE Downloader.AndroidOS.Agent.a Checkin
(mobile_malware.rules)
  2845882 - ETPRO MOBILE_MALWARE Downloader.AndroidOS.Agent.ar Checkin
(mobile_malware.rules)
  2845916 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.aw Checkin
(mobile_malware.rules)
  2845917 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.aw Checkin 2
(mobile_malware.rules)
  2845918 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.pac Checkin
(mobile_malware.rules)
  2845919 - ETPRO MOBILE_MALWARE Android RepairLoser Checkin
(mobile_malware.rules)
  2845920 - ETPRO MOBILE_MALWARE Android OperationLog Checkin
(mobile_malware.rules)
  2845921 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.cf Checkin
(mobile_malware.rules)
  2845922 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.cf Checkin
2 (mobile_malware.rules)
  2845923 - ETPRO MOBILE_MALWARE Trojan.Ewind.Android.846 Reporting Device
Info (mobile_malware.rules)
  2845924 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Sakezon.a Checkin
(mobile_malware.rules)
  2845952 - ETPRO MOBILE_MALWARE Android Hiddad Checkin
(mobile_malware.rules)
  2845953 - ETPRO MOBILE_MALWARE Android Triada.fxjp Checkin
(mobile_malware.rules)
  2845954 - ETPRO MOBILE_MALWARE Android XuanMing Checkin
(mobile_malware.rules)
  2845955 - ETPRO MOBILE_MALWARE Android LoadBlast Checkin
(mobile_malware.rules)
  2845956 - ETPRO MOBILE_MALWARE Android/Monitor.Reptilicus.F CnC Beacon
(mobile_malware.rules)
  2845957 - ETPRO MOBILE_MALWARE Android/Monitor.Reptilicus.F CnC Beacon 2
(mobile_malware.rules)
  2845958 - ETPRO MOBILE_MALWARE Trojan.Android.Spy.fhcalt CnC Beacon
(mobile_malware.rules)
  2845959 - ETPRO MOBILE_MALWARE Android/Monitor.PanSpy.C Reporting
Location (mobile_malware.rules)
  2845960 - ETPRO MOBILE_MALWARE Android/Monitor.PanSpy.C Reporting Wifi
Logs (mobile_malware.rules)
  2845961 - ETPRO MOBILE_MALWARE Android/Monitor.PanSpy.C Reporting Device
Info (mobile_malware.rules)
  2845962 - ETPRO MOBILE_MALWARE Android Sangria Checkin
(mobile_malware.rules)
  2846003 - ETPRO MOBILE_MALWARE Android/Hiddad.KN Checkin
(mobile_malware.rules)
  2846004 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.FakeCop.j Checkin
(mobile_malware.rules)
  2846005 - ETPRO MOBILE_MALWARE TianaSquare Reporting Location
(mobile_malware.rules)
  2846026 - ETPRO MOBILE_MALWARE Android NanoDati Checkin
(mobile_malware.rules)
  2846027 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.fxjp Checkin
(mobile_malware.rules)
  2846028 - ETPRO MOBILE_MALWARE AndroidOS/Hiddad.XJPF Checkin
(mobile_malware.rules)
  2846029 - ETPRO MOBILE_MALWARE Android Acraco Reporting Device Info
(mobile_malware.rules)
  2846030 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.aw Reporting
Battery Level (mobile_malware.rules)