[***] Summary: [***]

10 new OPEN, 44 new PRO (10 + 34). SUNBURST, BitRAT, Elysium Stealer, Remcos, Various Phish.

Thanks: @401trg.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031537 - ET TROJAN [401TRG] SUNBURST Related DNS Lookup to infinitysoftwares .com (trojan.rules)
2031538 - ET TROJAN [401TRG] Observed Backdoor.SUNBURST CnC Domain (infinitysoftwares .com in TLS SNI) (trojan.rules)
2031539 - ET TROJAN [401TRG] Backdoor.BEACON SSL Cert Inbound (infinitysoftwares .com) (trojan.rules)
2031540 - ET TROJAN [401TRG] SUNBURST Related DNS Lookup to bigtopweb .com (trojan.rules)
2031541 - ET TROJAN [401TRG] Observed Backdoor.SUNBURST CnC Domain (bigtopweb .com in TLS SNI) (trojan.rules)
2031542 - ET TROJAN [401TRG] Backdoor.BEACON SSL Cert Inbound (bigtopweb .com) (trojan.rules)
2031543 - ET EXPLOIT VisualDoor Sonicwall SSL VPN Exploit Attempt (exploit.rules)
2031544 - ET TROJAN Trojan-Dropper.Win32.Sysn.cdjy CnC Activity (trojan.rules)
2031545 - ET TROJAN Observed Malicious SSL Cert (BitRAT CnC) (trojan.rules)
2031546 - ET EXPLOIT Suspected SAP EEM SOLMAN RCE (CVE-2020-6207) (exploit.rules)

Pro:

2846707 - ETPRO USER_AGENTS Observed Suspicious UA (WinClient) (user_agents.rules)
2846708 - ETPRO TROJAN Observed Elysium Stealer CnC Domain in TLS SNI (trojan.rules)
2846709 - ETPRO TROJAN Observed Elysium Stealer CnC Domain in TLS SNI (trojan.rules)
2846710 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-22 1) (trojan.rules)
2846711 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-22 2) (trojan.rules)
2846712 - ETPRO CURRENT_EVENTS Successful PostaOnline CZ Phish 2021-01-25 (current_events.rules)
2846713 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-01-25 (current_events.rules)
2846714 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2021-01-25 (current_events.rules)
2846715 - ETPRO CURRENT_EVENTS Outlook Web App Phishing Landing 2021-01-25 (current_events.rules)
2846716 - ETPRO CURRENT_EVENTS Successful Banque Populaire FR Phish 2021-01-25 (current_events.rules)
2846717 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2021-01-25 (current_events.rules)
2846718 - ETPRO CURRENT_EVENTS Successful Craigslist Phish 2021-01-25 (current_events.rules)
2846719 - ETPRO CURRENT_EVENTS Successful UnitedHealthcare Phish 2021-01-25 (current_events.rules)
2846720 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-01-25 (current_events.rules)
2846721 - ETPRO CURRENT_EVENTS Successful Swisscom Phish 2021-01-25 (current_events.rules)
2846722 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-01-25 (current_events.rules)
2846723 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-01-25 (current_events.rules)
2846724 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-01-25 (current_events.rules)
2846725 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish 2021-01-25 (current_events.rules)
2846726 - ETPRO TROJAN Win32/RedNeck Keylogger CnC Host Checkin (trojan.rules)
2846727 - ETPRO TROJAN Win32/Agent.NNW Variant CnC Host Checkin (trojan.rules)
2846728 - ETPRO TROJAN MSIL/Agent.RMW Variant CnC Host Checkin (trojan.rules)
2846729 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2021-01-25 (current_events.rules)
2846730 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-01-25 (current_events.rules)
2846731 - ETPRO TROJAN Win32/Spy.Vadokrist.AH CnC Activity (trojan.rules)
2846732 - ETPRO TROJAN Win32/BackstageStealer CnC Activity M2 (trojan.rules)
2846733 - ETPRO TROJAN Trojan.Win32.Rbot.dwgpru CnC Activity (trojan.rules)
2846734 - ETPRO TROJAN Win64/Riskware.DSEFix.A CnC Activity (trojan.rules)
2846735 - ETPRO TROJAN Win32/Remcos RAT Checkin 660 (trojan.rules)
2846736 - ETPRO TROJAN Win32/Remcos RAT Checkin 661 (trojan.rules)
2846737 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2021-01-25 (current_events.rules)
2846738 - ETPRO CURRENT_EVENTS Successful Western Union Phish 2021-01-25 (current_events.rules)
2846739 - ETPRO CURRENT_EVENTS Successful Meridian Credit Union Phish 2021-01-25 (current_events.rules)
2846740 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2021-01-25 (current_events.rules)

[///] Modified active rules: [///]

2031083 - ET POLICY File Downloaded from Discord (policy.rules)
2031433 - ET TROJAN AHK.CREDSTEALER.A MalDoc Retrieving Payload (trojan.rules)