[***] Summary: [***]
11 new OPEN, 38 new PRO (11 + 27). Wizpop, AppleJeus,
Inception/CloudAtlas, CVE-2021-1732 and VARIOUS PHISHING.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2013461 - ET MALWARE Win32/Wizpop Initial Checkin (malware.rules)
2013502 - ET MALWARE Win32/Wizpop Checkin (malware.rules)
2018582 - ET MALWARE Miuref/Boaxxe Checkin (malware.rules)
2031622 - ET TROJAN JEUSD CnC Domain Observed in DNS Query (trojan.rules)
2031623 - ET TROJAN AppleJeus - JMT Trading CnC Activity (Windows Variant) (trojan.rules)
2031624 - ET TROJAN AppleJeus - JMT Trading CnC Activity (OSX Variant) (trojan.rules)
2031625 - ET TROJAN AppleJeus - JMT Trading CnC Domain in DNS Lookup (jmttrading .org) (trojan.rules)
2031626 - ET TROJAN AppleJeus - Union Crypto CnC Domain in DNS Lookup (unioncrypto .vip) (trojan.rules)
2031627 - ET TROJAN AppleJeus - Union Crypto CnC Activity (Windows Variant) (trojan.rules)
2031628 - ET TROJAN Suspected Fancy Bear (APT28) Maldoc CnC (trojan.rules)
2031629 - ET TROJAN FIN7/Carbanak Staging Domain in DNS Lookup (civilizationidium .com) (trojan.rules)
Pro:
2803790 - ETPRO MALWARE Win32/Gabpath User-Agent (FPUpdater) (malware.rules)
2803931 - ETPRO MALWARE W32/Gabpath.A.gen!Eldorado User-Agent (OCRecover) (malware.rules)
2803947 - ETPRO MALWARE Win32/Gabpath User-Agent (WhereSphere) (malware.rules)
2803949 - ETPRO MALWARE Win32/Jinzie User-Agent (PopRocks) (malware.rules)
2805569 - ETPRO MALWARE Win32/Adware.Kraddare.FS User-Agent(inter) (malware.rules)
2820066 - ETPRO MALWARE W32/Wizz CnC SSL Cert (malware.rules)
2820067 - ETPRO MALWARE W32/Wizz Checkin (malware.rules)
2830987 - ETPRO MALWARE W32.Kuik Checkin (malware.rules)
2847203 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847204 - ETPRO TROJAN MSIL/RDPBruter CnC Activity (trojan.rules)
2847205 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847206 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin (trojan.rules)
2847207 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2021-02-18 (current_events.rules)
2847208 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2021-02-18 (current_events.rules)
2847209 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2021-02-18 (current_events.rules)
2847210 - ETPRO CURRENT_EVENTS Successful ATT Phish 2021-02-18 (current_events.rules)
2847211 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-02-18 (current_events.rules)
2847212 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-02-18 (current_events.rules)
2847213 - ETPRO CURRENT_EVENTS Successful Intesa Sanpaolo Phish 2021-02-18 (current_events.rules)
2847214 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-18 1) (trojan.rules)
2847215 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-18 2) (trojan.rules)
2847216 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-18 3) (trojan.rules)
2847217 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-18 4) (trojan.rules)
2847218 - ETPRO TROJAN Possible Payload Inbound Containing CVE-2021-1732 M1 (trojan.rules)
2847219 - ETPRO TROJAN Possible Payload Inbound Containing CVE-2021-1732 M2 (trojan.rules)
2847220 - ETPRO TROJAN Possible Payload Inbound Containing CVE-2021-1732 M3 (trojan.rules)
2847221 - ETPRO TROJAN Inception/CloudAtlas CnC Domain in DNS Lookup (trojan.rules)
[///] Modified active rules: [///]
2025991 - ET TROJAN Lazarus Downloader (JEUSD) CnC Beacon (trojan.rules)
[---] Removed rules: [---]
2013461 - ET TROJAN Win32/Wizpop Initial Checkin (trojan.rules)
2013502 - ET TROJAN Win32/Wizpop Checkin (trojan.rules)
2018582 - ET TROJAN Miuref/Boaxxe Checkin (trojan.rules)
2803790 - ETPRO TROJAN Win32/Gabpath User-Agent (FPUpdater) (trojan.rules)
2803931 - ETPRO TROJAN W32/Gabpath.A.gen!Eldorado User-Agent (OCRecover) (trojan.rules)
2803947 - ETPRO TROJAN Win32/Gabpath User-Agent (WhereSphere) (trojan.rules)
2803949 - ETPRO TROJAN Win32/Jinzie User-Agent (PopRocks) (trojan.rules)
2805569 - ETPRO TROJAN Win32/Adware.Kraddare.FS User-Agent(inter) (trojan.rules)
2820066 - ETPRO TROJAN W32/Wizz CnC SSL Cert (trojan.rules)
2820067 - ETPRO TROJAN W32/Wizz Checkin (trojan.rules)
2830987 - ETPRO TROJAN W32.Kuik Checkin (trojan.rules)
2838923 - ETPRO TROJAN JEUSD CnC Domain Observed in DNS Query (trojan.rules)