Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/02/04

[***] Summary: [***]

1 new OPEN, 21 new PRO (1 + 20). Ursnif, Remcos, AsyncRAT, Various
Phish, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031605 - ET TROJAN Win32/TrojanDownloader.Small.AWO CnC Activity
(trojan.rules)

Pro:

2846916 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846917 - ETPRO INFO Multiple Spaces at URI End (info.rules)
2846918 - ETPRO USER_AGENTS Observed Suspicious UA (TmxWebUpdate)
(user_agents.rules)
2846919 - ETPRO TROJAN Keylogger Gratis Version Check/Download
Inbound (trojan.rules)
2846920 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish
2021-02-04 (current_events.rules)
2846921 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2021-02-04 (current_events.rules)
2846922 - ETPRO CURRENT_EVENTS Successful Union Bank Phish
2021-02-04 (current_events.rules)
2846923 - ETPRO CURRENT_EVENTS Successful Centurylink Phish
2021-02-04 (current_events.rules)
2846924 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-02-04
(current_events.rules)
2846925 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-04 1) (trojan.rules)
2846926 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2021-02-04 (current_events.rules)
2846927 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2021-02-04 (current_events.rules)
2846928 - ETPRO CURRENT_EVENTS Successful NAB Phish 2021-02-04
(current_events.rules)
2846929 - ETPRO CURRENT_EVENTS Successful Generic Banking Login
Phish 2021-02-04 (current_events.rules)
2846930 - ETPRO TROJAN Win32/Remcos RAT Checkin 669 (trojan.rules)
2846931 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2846932 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-02-04
(current_events.rules)
2846933 - ETPRO CURRENT_EVENTS Successful WesBank Phish 2021-02-04
(current_events.rules)
2846934 - ETPRO CURRENT_EVENTS Successful CenturyLink Phish
2021-02-04 (current_events.rules)
2846935 - ETPRO TROJAN Win32/Wacapew Variant Activity (trojan.rules)

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team

Date:
Summary title:
1 new OPEN, 21 new PRO (1 + 20). Ursnif, Remcos, AsyncRAT, Various Phish, Others.