[***] Summary: [***]

5 new OPEN, 31 new PRO (5 + 26). PoisonIvy, AsyncRAT, Raccoon Stealer, Various Phish, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031594 - ET INFO NoxPlayer Simulator Update Activity (info.rules)
2031595 - ET TROJAN NIGHTSCOUT Poison Ivy Variant CnC Domain in DNS Lookup (cdn. cloudistcdn .com) (trojan.rules)
2031596 - ET TROJAN Suspected Poison Ivy Variant CnC (trojan.rules)
2031597 - ET TROJAN NIGHTSCOUT Malware CnC Domain in DNS Lookup (q. cloudistcdn .com) (trojan.rules)
2031598 - ET TROJAN NIGHTSCOUT Malware CnC Domain in DNS Lookup (update .boshiamys .com) (trojan.rules)

Pro:

2846846 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846847 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846848 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846849 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846850 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846851 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2846852 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-30 1) (trojan.rules)
2846853 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-30 2) (trojan.rules)
2846854 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-30 3) (trojan.rules)
2846855 - ETPRO CURRENT_EVENTS Successful Generic Personal Information Phish 2021-02-01 (current_events.rules)
2846856 - ETPRO CURRENT_EVENTS Successful United Healthcare Phish 2021-02-01 (current_events.rules)
2846857 - ETPRO CURRENT_EVENTS Successful BW Bank Phish 2021-02-01 (current_events.rules)
2846858 - ETPRO CURRENT_EVENTS Bank of America Security Captcha Phishing Landing (current_events.rules)
2846859 - ETPRO CURRENT_EVENTS Successful Ebay IT Phish 2021-02-01 (current_events.rules)
2846860 - ETPRO CURRENT_EVENTS Regions Bank Security Captcha Phishing Landing (current_events.rules)
2846861 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2021-02-01 (current_events.rules)
2846862 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-01 (current_events.rules)
2846863 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish 2021-02-01 (current_events.rules)
2846864 - ETPRO TROJAN W32/Agent.BXL Variant CnC Host Checkin (trojan.rules)
2846865 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-02-01 (current_events.rules)
2846866 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-01 (current_events.rules)
2846867 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-01 (current_events.rules)
2846868 - ETPRO CURRENT_EVENTS Successful Generic Cloud Account Phish 2021-02-01 (current_events.rules)
2846869 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
2846870 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
2846871 - ETPRO TROJAN Win32/Remcos RAT Checkin 666 (trojan.rules)

[///] Modified active rules: [///]

2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2020833 - ET TROJAN Win32/Injector.BXEW Variant HTTP CnC Beacon 1 (trojan.rules)
2020834 - ET TROJAN Win32/Injector.BXEW Variant HTTP CnC Beacon 2 (trojan.rules)
2020835 - ET TROJAN Win32/Injector.BXEW Variant HTTP CnC Beacon 3 (trojan.rules)
2028867 - ET POLICY Vulnerable Java Version 11.0.x Detected (policy.rules)
2843261 - ETPRO TROJAN Win32/CopperStealer CnC Activity M2 (trojan.rules)
2844133 - ETPRO TROJAN DCRat Initial Checkin Server Response (trojan.rules)

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team