Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/02/23

[***] Summary: [***]

4 new OPEN, 21 new PRO (4 + 17). VoidRay, Webshells, KRhacked CnC,
AsyncRAT, Unk.Beacon Maldoc, Raccoon Stealer, and VARIOUS PHISHING.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031648 - ET TROJAN MSIL/Spy.Keylogger.ENJ Variant CnC Activity
(trojan.rules)
2031649 - ET TROJAN VoidRay Downloader CnC Activity (trojan.rules)
2031650 - ET WEB_SERVER DEWMODE Webshell Observed Outbound
(web_server.rules)
2031651 - ET WEB_SERVER Generic Webshell Observed Outbound
(web_server.rules)

Pro:

2847256 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon
(mobile_malware.rules)
2847257 - ETPRO TROJAN Malicious Second Stage Payload Request 2021-02-23
(trojan.rules)
2847258 - ETPRO INFO Likely Evil Base64 Encoded String In URL M1
(info.rules)
2847259 - ETPRO INFO Likely Evil Base64 Encoded String In URL M2
(info.rules)
2847260 - ETPRO TROJAN KRhacked CnC Checkin (trojan.rules)
2847261 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847262 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847263 - ETPRO CURRENT_EVENTS Successful Allegro PL Phish 2020-02-23
(current_events.rules)
2847264 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2021-02-23
(current_events.rules)
2847265 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2021-02-23
(current_events.rules)
2847266 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-20 1) (trojan.rules)
2847267 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-20 2) (trojan.rules)
2847268 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-20 3) (trojan.rules)
2847269 - ETPRO TROJAN W32/Dapato.oiou Downloader CnC Activity
(trojan.rules)
2847270 - ETPRO TROJAN Unk.Beacon Maldoc CnC Activity (trojan.rules)
2847271 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(trojan.rules)
2847272 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(trojan.rules)

[///] Modified active rules: [///]

2031642 - ET TROJAN Observed OSX/Silver Sparrow Download Domain in TLS
SNI (trojan.rules)
2031644 - ET TROJAN Observed OSX/Silver Sparrow Download Domain in TLS
SNI (trojan.rules)

Date:
Summary title:
4 new OPEN, 21 new PRO (4 + 17). VoidRay, Webshells, KRhacked CnC, AsyncRAT, Unk.Beacon Maldoc, Raccoon Stealer, and VARIOUS PHISHING.