[***] Summary: [***]

1 new OPEN, 49 new PRO (1 + 48). MSIL/CoderVir, Android/Obfus.RJ,
Android/Easylogger, Various Phish, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031620 - ET TROJAN MSIL/CoderVir Stealer Zip Upload (trojan.rules)

Pro:

2847096 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ALO Checkin
(mobile_malware.rules)
2847097 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.ABD TLS SNI
(mobile_malware.rules)
2847098 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Rkor.ap TLS
SNI (mobile_malware.rules)
2847099 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.ahyg Checkin
(mobile_malware.rules)
2847100 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.DUI
Checkin (mobile_malware.rules)
2847101 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Easylogger.b
Checkin (mobile_malware.rules)
2847102 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Vesub.e Reporting
Device Info (mobile_malware.rules)
2847103 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Vesub.e Checkin
(mobile_malware.rules)
2847104 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Mycellspy.a Checkin
(mobile_malware.rules)
2847105 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh DNS Lookup
(mobile_malware.rules)
2847106 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh DNS Lookup
2 (mobile_malware.rules)
2847107 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 90
(mobile_malware.rules)
2847108 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 91
(mobile_malware.rules)
2847109 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 92
(mobile_malware.rules)
2847110 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 93
(mobile_malware.rules)
2847111 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 94
(mobile_malware.rules)
2847112 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 95
(mobile_malware.rules)
2847113 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 96
(mobile_malware.rules)
2847114 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 97
(mobile_malware.rules)
2847115 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 98
(mobile_malware.rules)
2847116 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 99
(mobile_malware.rules)
2847117 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 100
(mobile_malware.rules)
2847118 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 101
(mobile_malware.rules)
2847119 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 102
(mobile_malware.rules)
2847120 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 103
(mobile_malware.rules)
2847121 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 104
(mobile_malware.rules)
2847122 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 105
(mobile_malware.rules)
2847123 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 106
(mobile_malware.rules)
2847124 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 107
(mobile_malware.rules)
2847125 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 108
(mobile_malware.rules)
2847126 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 109
(mobile_malware.rules)
2847127 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 110
(mobile_malware.rules)
2847128 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 111
(mobile_malware.rules)
2847129 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 112
(mobile_malware.rules)
2847130 - ETPRO MOBILE_MALWARE Android Demogorgon Checkin
(mobile_malware.rules)
2847131 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-13 1) (trojan.rules)
2847132 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-13 2) (trojan.rules)
2847133 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-13 3) (trojan.rules)
2847134 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-13 4) (trojan.rules)
2847135 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-13 5) (trojan.rules)
2847136 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-02-15
(current_events.rules)
2847137 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2021-02-15
(current_events.rules)
2847138 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-02-15
(current_events.rules)
2847139 - ETPRO CURRENT_EVENTS Successful Banco General Phish
2021-02-15 (current_events.rules)
2847140 - ETPRO CURRENT_EVENTS Successful Banco General Phish
2021-02-15 (current_events.rules)
2847141 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2021-02-15 (current_events.rules)
2847142 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(trojan.rules)
2847143 - ETPRO TROJAN Win32/Remcos RAT Checkin 677 (trojan.rules)

[---] Removed rules: [---]

2845809 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.g Checkin 2
(mobile_malware.rules)

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
