[***] Summary: [***]
14 new OPEN, 46 new PRO (14 + 32). Multiple Android Mobile, AsyncRAT, Raccoon Stealer, Various DPRK Targeted Researcher Related, Various Phish.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031547 - ET INFO Suspicious POST to Wordpress Folder - Possible Successful Banking Phish (info.rules)
2031548 - ET TROJAN Observed Targeted Attack Malicious SSL Cert (angeldonationblog .com) (trojan.rules)
2031549 - ET TROJAN Observed Targeted Attack Malicious Domain in TLS SNI (codevexillium .org) (trojan.rules)
2031550 - ET TROJAN Observed Targeted Attack Malicious SSL Cert (investbooking .de) (trojan.rules)
2031551 - ET TROJAN Observed Targeted Attack Malicious Domain in TLS SNI (krakenfolio .com) (trojan.rules)
2031552 - ET TROJAN Observed Targeted Attack Malicious SSL Cert (opsonew3org .sg) (trojan.rules)
2031553 - ET TROJAN Observed Targeted Attack Malicious Domain in TLS SNI (transferwiser .io) (trojan.rules)
2031554 - ET TROJAN Observed Targeted Attack Malicious Domain in TLS SNI (transplugin .io) (trojan.rules)
2031555 - ET TROJAN Gh0st Variant CnC Domain in DNS Lookup (rninhsss .com) (trojan.rules)
2031556 - ET TROJAN Gh0st Variant CnC Domain in DNS Lookup (dexercisep .com) (trojan.rules)
2031557 - ET TROJAN Observed Targeted Attack Malicious Domain in TLS SNI (blog .br0vvnn .io) (trojan.rules)
2031558 - ET INFO Suspicious POST Format (info.rules)
2031559 - ET INFO Suspicious POST Format (info.rules)
2031560 - ET INFO Suspicious POST Format (info.rules)
Pro:
2846741 - ETPRO MOBILE_MALWARE Android SquareTriangle Reporting Device/Network Info (mobile_malware.rules)
2846742 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bk Checkin (mobile_malware.rules)
2846743 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bk Reporting Contact List (mobile_malware.rules)
2846744 - ETPRO MOBILE_MALWARE Android/Hiddad.VH Reporting Device/Network Info (mobile_malware.rules)
2846745 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.vx Checkin (mobile_malware.rules)
2846746 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.pl Checkin (mobile_malware.rules)
2846747 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 78 (mobile_malware.rules)
2846748 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 79 (mobile_malware.rules)
2846749 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 80 (mobile_malware.rules)
2846750 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 81 (mobile_malware.rules)
2846751 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 82 (mobile_malware.rules)
2846752 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 83 (mobile_malware.rules)
2846753 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 84 (mobile_malware.rules)
2846754 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 85 (mobile_malware.rules)
2846755 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 86 (mobile_malware.rules)
2846756 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 87 (mobile_malware.rules)
2846757 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 88 (mobile_malware.rules)
2846758 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 89 (mobile_malware.rules)
2846760 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846761 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846762 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846763 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846764 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846765 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846766 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846767 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2021-01-26 (current_events.rules)
2846768 - ETPRO CURRENT_EVENTS Successful ING Phish 2021-01-26 (current_events.rules)
2846769 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2021-01-26 (current_events.rules)
2846770 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-01-26 (current_events.rules)
2846771 - ETPRO TROJAN Win64/Filecoder.DD Variant CnC Host Checkin (trojan.rules)
2846772 - ETPRO TROJAN Win64/Filecoder.DD Variant CnC Activity (trojan.rules)
2846773 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
[///] Modified active rules: [///]
2031532 - ET EXPLOIT Oracle WebLogic JNDI Injection RCE Attempt (CVE-2021-2109) (exploit.rules)
2846706 - ETPRO TROJAN DTLoader Variant Activity (trojan.rules)