[***] Summary: [***]
3 new OPEN, 16 new PRO (3 + 13). Cobalt Strike, Azula Logger, RedLine, Pop Smoke, and VARIOUS PHISHING.
Happy New Year! There will be no release tomorrow as we observe New Year's Day.
Good Riddance to Adobe Flash Player. Thanks for all the vulns leveraged by exploit kits. You will not be missed.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031469 - ET TROJAN Observed Cobalt Strike CnC Domain in TLS SNI (cs .lg22l .com) (trojan.rules)
2031470 - ET TROJAN MSIL/Azula Logger CnC Activity (trojan.rules)
2031471 - ET USER_AGENTS Suspicious User-Agent Simple Bot (user_agents.rules)
Pro:
2846315 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846316 - ETPRO TROJAN Redline - GetTasks Request (trojan.rules)
2846317 - ETPRO INFO Suspicious Terse Request for .dat (info.rules)
2846318 - ETPRO TROJAN ELF/Mirai Variant CnC Activity (trojan.rules)
2846319 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-31 1) (trojan.rules)
2846320 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2020-12-31 (current_events.rules)
2846321 - ETPRO CURRENT_EVENTS Successful Facebook Gaming Phish 2020-12-31 (current_events.rules)
2846322 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2020-12-31 (current_events.rules)
2846323 - ETPRO TROJAN MSIL/Pop Smoke Discord Token Stealer (trojan.rules)
2846324 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-12-31 (current_events.rules)
2846325 - ETPRO CURRENT_EVENTS Successful Pentagon Federal Credit Union Phish 2020-12-31 (current_events.rules)
2846326 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2020-12-31 (current_events.rules)
2846327 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-12-31 (current_events.rules)
[///] Modified active rules: [///]
2029855 - ET TROJAN MSIL/Agent.TRM Data Exfil (sysinfo) (trojan.rules)
2841375 - ETPRO TROJAN Win32/Neshta.A CnC Activity - Retrieving Settings (trojan.rules)
2844248 - ETPRO TROJAN Win32/Kryptik.DNFZ Exfiltration (trojan.rules)