Daily Ruleset Update Summary 2021/02/02

Daily Ruleset Update Summary

[***] Summary: [***]

5 new OPEN, 30 new PRO (5 + 25). TrickBot, Remcos, AsyncRAT,
Various Phish, Others.

Thanks @james_inthe_box.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031599 - ET TROJAN Win32/SystemBC CnC Checkin (trojan.rules)
2031600 - ET TROJAN Win32/TrickBot maserv Module Command (trojan.rules)
2031601 - ET TROJAN Win32/TrickBot maserv Module CnC Activity (trojan.rules)
2031602 - ET SCAN Generic IDBTE4M Exploit Scanner (Outbound) (scan.rules)
2031603 - ET SCAN Generic IDBTE4M Exploit Scanner (Inbound) (scan.rules)

Pro:

2846872 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.di
Checkin (mobile_malware.rules)
2846873 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846874 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-02 1) (trojan.rules)
2846875 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-02 2) (trojan.rules)
2846876 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-02 3) (trojan.rules)
2846877 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-02 4) (trojan.rules)
2846878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-02 5) (trojan.rules)
2846879 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-02 6) (trojan.rules)
2846880 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-02 7) (trojan.rules)
2846881 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2021-02-02
(current_events.rules)
2846882 - ETPRO CURRENT_EVENTS Successful Office 365 Phish
2021-02-02 (current_events.rules)
2846883 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-02-02
(current_events.rules)
2846884 - ETPRO CURRENT_EVENTS Successful Unach University MX Phish
2021-02-02 (current_events.rules)
2846885 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-02-02
(current_events.rules)
2846886 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2021-02-02
(current_events.rules)
2846887 - ETPRO CURRENT_EVENTS Successful ItechX Phish 2021-02-02
(current_events.rules)
2846888 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish
2021-02-02 (current_events.rules)
2846889 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2021-02-02 (current_events.rules)
2846890 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish
2021-02-02 (current_events.rules)
2846891 - ETPRO TROJAN Win32/Remcos RAT Checkin 667 (trojan.rules)
2846892 - ETPRO TROJAN Rift Rebirth Discord Token Grabber Exfil via
Discord (trojan.rules)
2846893 - ETPRO TROJAN Win32/Remcos RAT Checkin 668 (trojan.rules)
2846894 - ETPRO CURRENT_EVENTS Successful Office365 Phish 2021-02-02
(current_events.rules)
2846895 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2021-02-02
(current_events.rules)
2846896 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2021-02-02
(current_events.rules)

[---] Removed rules: [---]

2841309 - ETPRO TROJAN Win32/SystemBC CnC Checkin (trojan.rules)

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team

Date:

Tuesday, February 2, 2021

Summary title:

5 new OPEN, 30 new PRO (5 + 25). TrickBot, Remcos, AsyncRAT, Various Phish, Others.