Daily Ruleset Update Summary 2021/02/12

[***] Summary: [***]

4 new OPEN, 34 new PRO (4 + 30) Various Android, NimzaLoader, AsyncRAT,
Various Phish.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031616 - ET POLICY Known External IP Lookup Service Domain in SNI
(policy.rules)
2031617 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2031618 - ET MALWARE Win32/RemoteUtilities Checkin via SMTP
(malware.rules)
2031619 - ET GAMES Playit Activity (playit .gg) (games.rules)

Pro:

2847066 - ETPRO MOBILE_MALWARE Android Trojan Rana CnC Beacon
(mobile_malware.rules)
2847067 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SpyNote.e Checkin
(mobile_malware.rules)
2847068 - ETPRO MOBILE_MALWARE Android.Trojan.AgentSpy.AT / Confucius APT
Suspicious FTP Login - SET (mobile_malware.rules)
2847069 - ETPRO MOBILE_MALWARE Android.Trojan.AgentSpy.AT / Confucius APT
Suspicious FTP Login (mobile_malware.rules)
2847070 - ETPRO MOBILE_MALWARE Android.Trojan.AgentSpy.AT / Confucius APT
CnC Beacon (mobile_malware.rules)
2847071 - ETPRO MOBILE_MALWARE Android.Trojan.AgentSpy.AT / Confucius APT
Checkin (mobile_malware.rules)
2847072 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847073 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847074 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847075 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847076 - ETPRO CURRENT_EVENTS Successful Singapore Post Phish 2021-02-12
(current_events.rules)
2847077 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-02-12 (current_events.rules)
2847078 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-02-12
(current_events.rules)
2847079 - ETPRO CURRENT_EVENTS Successful Microsoft SecureTransfer Phish
2021-02-12 (current_events.rules)
2847080 - ETPRO CURRENT_EVENTS Successful Microsoft SecureTransfer Phish
2021-02-12 (current_events.rules)
2847081 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2021-02-12 (current_events.rules)
2847082 - ETPRO TROJAN NimzaLoader Initial CnC Host Checkin (trojan.rules)
2847083 - ETPRO TROJAN NimzaLoader CnC Activity M1 (trojan.rules)
2847084 - ETPRO TROJAN NimzaLoader CnC Activity M2 (trojan.rules)
2847085 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-12 1) (trojan.rules)
2847086 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-12 2) (trojan.rules)
2847087 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-12 3) (trojan.rules)
2847088 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2021-02-12 (current_events.rules)
2847089 - ETPRO POLICY External IP Lookup via watismijnip .nl
(policy.rules)
2847090 - ETPRO TROJAN W32/VB.Downloader.sa Variant CnC Activity
(trojan.rules)
2847091 - ETPRO TROJAN Win32/AutoRun.Agent.ARS Variant CnC Activity
(trojan.rules)
2847092 - ETPRO TROJAN Win32/AutoRun.Agent.ARS Variant CnC Activity
(trojan.rules)
2847093 - ETPRO TROJAN Win32/AutoRun.Agent.ARS Variant CnC Exfil
(trojan.rules)
2847094 - ETPRO TROJAN Win32/Remcos RAT Checkin 676 (trojan.rules)
2847095 - ETPRO CURRENT_EVENTS Possible Successful Generic Credential
Phish 2021-02-12 (current_events.rules)

[///] Modified active rules: [///]

2845553 - ETPRO CURRENT_EVENTS Suspected GoPhish Phishing Landing
(current_events.rules)
2846346 - ETPRO TROJAN MSIL/NoCry Ransomware CnC Activity (trojan.rules)

Date:

Friday, February 12, 2021

Summary title:

4 new OPEN, 34 new PRO (4 + 30) Various Android, NimzaLoader, AsyncRAT, Various Phish.