Daily Ruleset Update Summary 2021/02/19

[***] Summary: [***]

12 new OPEN, 27 new PRO (12 + 15). AppleJeus, NukeSped, Radmin, and
VARIOUS PHISHING

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031630 - ET TROJAN AppleJeus - Kupay Wallet CnC Domain in DNS Lookup
(kupaywallet .com) (trojan.rules)
2031631 - ET TROJAN AppleJeus - Kupay Wallet CnC Domain in DNS Lookup
(levelframeblog .com) (trojan.rules)
2031632 - ET TROJAN AppleJeus - Kupay Wallet CnC Activity (trojan.rules)
2031633 - ET TROJAN AppleJeus - CoinGoTrade CnC Domain in DNS Lookup
(coingotrade .com) (trojan.rules)
2031634 - ET TROJAN OSX/NukeSped Variant CnC Domain in DNS Lookup
(airbseeker .com) (trojan.rules)
2031635 - ET TROJAN OSX/NukeSped Variant CnC Domain in DNS Lookup
(globalkeystroke .com) (trojan.rules)
2031636 - ET TROJAN OSX/NukeSped Variant CnC Domain in DNS Lookup
(woodmate .it) (trojan.rules)
2031637 - ET TROJAN OSX/NukeSped Variant CnC Activity (trojan.rules)
2031638 - ET TROJAN AppleJeus - Dorusio CnC Domain in DNS Lookup (dorusio
.com) (trojan.rules)
2031639 - ET TROJAN AppleJeus - Ants2Whale CnC Domain in DNS Lookup
(ants2whale .com) (trojan.rules)
2031640 - ET TROJAN AppleJeus - Ants2Whale CnC Domain in DNS Lookup
(qnalytica .com) (trojan.rules)
2031641 - ET TROJAN Win32/LODEINFO v0.4.6 CnC Checkin (trojan.rules)

Pro:

2847222 - ETPRO TROJAN Malicious Second Stage Payload Inbound 2021-02-19
(trojan.rules)
2847223 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-19 1) (trojan.rules)
2847224 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-19 2) (trojan.rules)
2847225 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-19 3) (trojan.rules)
2847226 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-19
(current_events.rules)
2847227 - ETPRO CURRENT_EVENTS Successful Discover Phish 2021-02-19
(current_events.rules)
2847228 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-02-19
(current_events.rules)
2847229 - ETPRO CURRENT_EVENTS Successful Discover Phish 2021-02-19
(current_events.rules)
2847230 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2021-02-19 (current_events.rules)
2847231 - ETPRO CURRENT_EVENTS Successful CashApp Phish 2021-02-19
(current_events.rules)
2847232 - ETPRO CURRENT_EVENTS Successful Xfinity Comcast Phish 2021-02-19
(current_events.rules)
2847233 - ETPRO TROJAN Unk.W32/Radmin CnC Activity M1 (trojan.rules)
2847234 - ETPRO TROJAN Unk.W32/Radmin CnC Activity M2 (trojan.rules)
2847235 - ETPRO TROJAN Unk.W32/Downloader CnC Initial Host Checkin
(trojan.rules)
2847236 - ETPRO TROJAN Win32/Remcos RAT Checkin 679 (trojan.rules)

[///] Modified active rules: [///]

2030053 - ET TROJAN Win32/IcedID Requesting Encoded Binary M4
(trojan.rules)
2031627 - ET TROJAN AppleJeus - Union Crypto CnC Activity (trojan.rules)

Date:

Friday, February 19, 2021

Summary title:

12 new OPEN, 27 new PRO (12 + 15). AppleJeus, NukeSped, Radmin, and VARIOUS PHISHING Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback