[***] Summary: [***]
5 new OPEN, 40 new PRO (5 + 35). Keitaro Redirectors, Raccoon Stealer, Cobalt Strike, Various Phish.
Thanks: @mattdep_
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031611 - ET CURRENT_EVENTS Trend Micro Phishing Simulation Service (current_events.rules)
2031612 - ET WEB_CLIENT Observed DNS Query to Malicious Cookie Monster Roulette JS Cookie Stealer Exfil Domain (web_client.rules)
2031613 - ET USER_AGENTS Suspicious User-Agent (aaaa) (user_agents.rules)
2031614 - ET WEB_CLIENT Evil Keitaro Set-Cookie Inbound (9487d) (web_client.rules)
2031615 - ET TROJAN Observed Evil Keitaro TDS Redirection Domain (fiberswatch .com in TLS SNI) (trojan.rules)
Pro:
2847031 - ETPRO TROJAN Win32/Farfli.RSK!MTB CnC Checkin (trojan.rules)
2847032 - ETPRO TROJAN Win32/Farfli.RSK!MTB CnC Keep-Alive (Outbound) (trojan.rules)
2847033 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847034 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847035 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847036 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847037 - ETPRO TROJAN ELF/Mirai Variant CnC Activity (trojan.rules)
2847038 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.xi Checkin (mobile_malware.rules)
2847039 - ETPRO CURRENT_EVENTS Successful Global Sources Phish 2021-02-11 (current_events.rules)
2847040 - ETPRO CURRENT_EVENTS Successful Intesa Sanpaolo Phish 2021-02-11 (current_events.rules)
2847041 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2021-02-11 (current_events.rules)
2847042 - ETPRO CURRENT_EVENTS Successful Ruralvia Phish 2021-02-11 (current_events.rules)
2847043 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2021-02-11 (current_events.rules)
2847044 - ETPRO CURRENT_EVENTS Successful Intesa Sanpaolo Phish 2021-02-11 (current_events.rules)
2847045 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2021-02-11 (current_events.rules)
2847046 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2021-02-11 (current_events.rules)
2847047 - ETPRO CURRENT_EVENTS Successful Generic Cloud Drive Phish 2021-02-11 (current_events.rules)
2847048 - ETPRO CURRENT_EVENTS Successful AppleConnect Phish 2021-02-11 (current_events.rules)
2847049 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2021-02-11 (current_events.rules)
2847050 - ETPRO CURRENT_EVENTS Successful Caisse d' Epargne Phish 2021-02-11 (current_events.rules)
2847051 - ETPRO MALWARE MSIL/Tiny.EV Variant CnC Activity (malware.rules)
2847052 - ETPRO TROJAN Win32/Kryptik.GTXN Variant CnC Activity (trojan.rules)
2847053 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-11 1) (trojan.rules)
2847054 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-11 2) (trojan.rules)
2847055 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-11 3) (trojan.rules)
2847056 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-11 4) (trojan.rules)
2847057 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (e0bce) (web_client.rules)
2847058 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
2847059 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (2e113) (web_client.rules)
2847060 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
2847061 - ETPRO WEB_CLIENT Malicious Cookie Monster Roulette JavaScript Inbound (web_client.rules)
2847062 - ETPRO TROJAN Win32/Remcos RAT Checkin 675 (trojan.rules)
2847063 - ETPRO USER_AGENTS Suspicious User-Agent (Windows Phone/Android) (user_agents.rules)
2847064 - ETPRO TROJAN Cobalt Strike Malleable C2 (WooCommerce Profile) (trojan.rules)
2847065 - ETPRO TROJAN Cobalt Strike Malleable C2 (WooCommerce Profile) (trojan.rules)
[///] Modified active rules: [///]
2029078 - ET TROJAN Buer Loader Download Request (trojan.rules)
2029079 - ET TROJAN Buer Loader Successful Payload Download (trojan.rules)
2838754 - ETPRO WEB_CLIENT Malicious Cookie Monster Roulette JS Cookie Stealer Exfil (web_client.rules)