[***] Summary: [***]
1 new OPEN, 20 new PRO (1 + 19). AsyncRAT, Win32/IndyDog, AZORult,
Various Phish, Others.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031604 - ET TROJAN Snake Keylogger CnC Exfil via Telegram (trojan.rules)
Pro:
2846897 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846898 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846899 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846900 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846901 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846902 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-03 1) (trojan.rules)
2846903 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-03 2) (trojan.rules)
2846904 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-03 3) (trojan.rules)
2846905 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2021-02-03 (current_events.rules)
2846906 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-02-03 (current_events.rules)
2846907 - ETPRO MALWARE Win32/Monitor.AMTGiMon.B Variant Activity (malware.rules)
2846908 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-02-03 (current_events.rules)
2846909 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2021-02-03 (current_events.rules)
2846910 - ETPRO CURRENT_EVENTS Successful Generic Email Password Settings Phish 2021-02-03 (current_events.rules)
2846911 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2846912 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
2846913 - ETPRO MALWARE Win32/LoadMoney Installer Activity (malware.rules)
2846914 - ETPRO TROJAN Maldoc Download Activity (trojan.rules)
2846915 - ETPRO MALWARE Win32/IndyDog Activity (malware.rules)
[///] Modified active rules: [///]
2031413 - ET TROJAN FormBook CnC Checkin (POST) M2 (trojan.rules)
2031418 - ET TROJAN Foudre Checkin M4 (trojan.rules)
2031588 - ET INFO Minimal HTTP GET Request to cl .ly (info.rules)
2031589 - ET INFO Minimal HTTP GET Request to rebrand .ly (info.rules)
2031596 - ET TROJAN Win32/PivNoxy CnC Activity (trojan.rules)
2846005 - ETPRO MOBILE_MALWARE TianaSquare Reporting Location (mobile_malware.rules)
2846026 - ETPRO MOBILE_MALWARE Android NanoDati Checkin (mobile_malware.rules)
2846027 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.fxjp Checkin (mobile_malware.rules)
2846028 - ETPRO MOBILE_MALWARE AndroidOS/Hiddad.XJPF Checkin (mobile_malware.rules)
2846067 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-12-16 (current_events.rules)
2846076 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.gb Checkin (mobile_malware.rules)
2846077 - ETPRO MOBILE_MALWARE Android EightBall CnC Beacon (mobile_malware.rules)
2846100 - ETPRO MOBILE_MALWARE Android McData CnC Beacon (mobile_malware.rules)
2846183 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-12-18 (current_events.rules)
2846206 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aehq Checkin (mobile_malware.rules)
2846207 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Agent.er Checkin (mobile_malware.rules)
2846388 - ETPRO TROJAN Win32/Python.Stealer.vlu CnC Screenshot Exfil via FTP (trojan.rules)
2846389 - ETPRO TROJAN Win32/Python.Stealer.vlu CnC Password Exfil via FTP (trojan.rules)
2846523 - ETPRO MALWARE Win32/RegCleaner Pro Style External IP Address Lookup (malware.rules)
2846524 - ETPRO MALWARE Win32/RegCleaner Pro Checkin via FTP (malware.rules)
2846608 - ETPRO CURRENT_EVENTS Successful My3 Phish 2021-01-19 (current_events.rules)
2846644 - ETPRO TROJAN Win32/Kryptik.HJW Variant CnC Activity (trojan.rules)
2846730 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-01-25 (current_events.rules)
2846830 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2021-01-29 (current_events.rules)
2846875 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-02 2) (trojan.rules)
2846896 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2021-02-02 (current_events.rules)
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team