Daily Ruleset Update Summary 2021/01/28

Daily Ruleset Update Summary

[***] Summary: [***]

6 new OPEN, 14 new PRO (6 + 8). Sn0wsLogger, TeamTNT, AsyncRAT, AZORult.

Thanks: @suprn8.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031582 - ET TROJAN Sn0wsLogger CnC Exfil M1 (trojan.rules)
2031583 - ET TROJAN Sn0wsLogger CnC Exfil M2 (trojan.rules)
2031584 - ET POLICY External Host Creating Docker Image (policy.rules)
2031585 - ET TROJAN TeamTnT Gattling Gun AWS Creds Exfil (trojan.rules)
2031586 - ET TROJAN TeamTNT Gattling Gun CnC Domain in DNS Lookup
(trojan.rules)
2031587 - ET POLICY External Host Sending Docker Swarm Join Command
(policy.rules)

Pro:

2846808 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846809 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846810 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846811 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-01-27 1) (trojan.rules)
2846812 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-01-27 2) (trojan.rules)
2846813 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-01-27 3) (trojan.rules)
2846814 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
2846815 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish
2021-01-28 (current_events.rules)

[///] Modified active rules: [///]

2020381 - ET TROJAN DDoS.XOR Checkin (trojan.rules)

Date:

Thursday, January 28, 2021

Summary title:

6 new OPEN, 14 new PRO (6 + 8). Sn0wsLogger, TeamTNT, AsyncRAT, AZORult.