Daily Ruleset Update Summary 2021/02/22

[***] Summary: [***]

4 new OPEN, 23 new PRO (4 + 19). OSX/Silver Sparrow, WRAT, AsyncRAT,
W32/Unk.Azimut, Cobalt Strike, and VARIOUS PHISHING.

Thanks to Travis Green (@401TRG)

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031642 - ET TROJAN Observed OSX/Silver Sparrow Download Domain in TLS
SNI (trojan.rules)
2031644 - ET TROJAN Observed OSX/Silver Sparrow Download Domain in TLS
SNI (trojan.rules)
2031645 - ET TROJAN SSL/TLS Certificate Observed (WRAT) (trojan.rules)
2031646 - ET TROJAN WRAT Dropper (TLS SNI) (trojan.rules)
2031647 - ET INFO Suspicious Use of rzd URL Shortener Service (info.rules)

Pro:

2847237 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847238 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847239 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847240 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847241 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847242 - ETPRO CURRENT_EVENTS Successful Assurance Maladie Phish
2021-02-22 (current_events.rules)
2847243 - ETPRO CURRENT_EVENTS Successful Intesa Sanpaolo Phish
2021-02-22 (current_events.rules)
2847244 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2021-02-22
(current_events.rules)
2847245 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-22
(current_events.rules)
2847246 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2021-02-22
(current_events.rules)
2847247 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-02-22
(current_events.rules)
2847248 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2021-02-22
(current_events.rules)
2847249 - ETPRO TROJAN W32/Unk.Azimut CnC Host Checkin (trojan.rules)
2847250 - ETPRO TROJAN W32/Unk.Azimut CnC Activity (trojan.rules)
2847251 - ETPRO CURRENT_EVENTS Successful O2 Phish 2021-02-22
(current_events.rules)
2847252 - ETPRO CURRENT_EVENTS Successful ING Phish 2021-02-22
(current_events.rules)
2847253 - ETPRO CURRENT_EVENTS Successful ING Phish 2021-02-22
(current_events.rules)
2847254 - ETPRO CURRENT_EVENTS Successful Security Bank Corporation Phish
2021-02-22 (current_events.rules)
2847255 - ETPRO TROJAN Cobalt Strike Stager Activity (trojan.rules)

[///] Modified active rules: [///]

2836270 - ETPRO TROJAN QuasarRAT C2 Init (trojan.rules)
2839331 - ETPRO INFO Suspicious User-Agent containing Loader Observed
(info.rules)

Date:

Monday, February 22, 2021

Summary title:

4 new OPEN, 23 new PRO (4 + 19). OSX/Silver Sparrow, WRAT, AsyncRAT, W32/Unk.Azimut, Cobalt Strike, and VARIOUS PHISHING.