Daily Ruleset Update Summary 2021/02/24

[***] Summary: [***]

15 new OPEN, 42 new PRO (15 + 27). Win32.Raccoon Stealer, MINEBRIDGE,
Android/Monitor.Highster.B, DownDelph CnC, AsyncRAT, Ares Downloader, and
VARIOUS PHISHING.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031652 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(simsimsalabim .top) (trojan.rules)
2031653 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(perfectscenario .top) (trojan.rules)
2031654 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(mariofart8 .top) (trojan.rules)
2031655 - ET TROJAN MINEBRIDGE CnC Domain in DNS Lookup (billionaireshore
.top) (trojan.rules)
2031656 - ET TROJAN MINEBRIDGE CnC Domain in DNS Lookup (vikingsofnorth
.top) (trojan.rules)
2031657 - ET TROJAN MINEBRIDGE CnC Domain in DNS Lookup
(realityarchitector .top) (trojan.rules)
2031658 - ET TROJAN MINEBRIDGE CnC Domain in DNS Lookup (gentlebouncer
.top) (trojan.rules)
2031659 - ET TROJAN MINEBRIDGE CnC Domain in DNS Lookup (brainassault
.top) (trojan.rules)
2031660 - ET TROJAN MINEBRIDGE CnC Domain in DNS Lookup (greatersky .top)
(trojan.rules)
2031661 - ET TROJAN MINEBRIDGE CnC Domain in DNS Lookup (unicornhub .top)
(trojan.rules)
2031662 - ET TROJAN MINEBRIDGE CnC Domain in DNS Lookup (corporatelover
.top) (trojan.rules)
2031663 - ET TROJAN MINEBRIDGE CnC Domain in DNS Lookup (bloggersglobbers
.top) (trojan.rules)
2031664 - ET TROJAN MINEBRIDGE CnC Activity (trojan.rules)
2031665 - ET TROJAN MINEBRIDGE CnC Activity (trojan.rules)
2031666 - ET TROJAN MINEBRIDGE CnC Activity (trojan.rules)

Pro:

2847273 - ETPRO MOBILE_MALWARE Android/Monitor.Highster.B Reporting
Contact List (mobile_malware.rules)
2847274 - ETPRO MOBILE_MALWARE Android/Monitor.Highster.B Reporting App
List (mobile_malware.rules)
2847275 - ETPRO MOBILE_MALWARE Android/Monitor.Highster.B Reporting
Device Info (mobile_malware.rules)
2847276 - ETPRO MOBILE_MALWARE Android/Monitor.Highster.B Checkin
(mobile_malware.rules)
2847277 - ETPRO TROJAN DownDelph CnC Activity (trojan.rules)
2847278 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847279 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-02-24 (current_events.rules)
2847280 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-02-24 (current_events.rules)
2847281 - ETPRO CURRENT_EVENTS Successful DBS iBanking Phish 2021-02-24
(current_events.rules)
2847282 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2021-02-24
(current_events.rules)
2847283 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2021-02-24 (current_events.rules)
2847284 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2021-02-24 (current_events.rules)
2847285 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2021-02-24 (current_events.rules)
2847286 - ETPRO CURRENT_EVENTS Successful Orange FR Phish 2021-02-24
(current_events.rules)
2847287 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2021-02-24 (current_events.rules)
2847288 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2021-02-24 (current_events.rules)
2847289 - ETPRO CURRENT_EVENTS Successful La Banque Postale FR Phish
2021-02-24 (current_events.rules)
2847290 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish
2021-02-24 (current_events.rules)
2847291 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2021-02-24
(current_events.rules)
2847292 - ETPRO CURRENT_EVENTS Successful My EE Phish 2021-02-24
(current_events.rules)
2847293 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish
2021-02-24 (current_events.rules)
2847294 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2021-02-24
(current_events.rules)
2847295 - ETPRO CURRENT_EVENTS Successful Amazon (JP) Phish 2021-02-24
(current_events.rules)
2847296 - ETPRO CURRENT_EVENTS Successful Meridian Credit Union Phish
2021-02-24 (current_events.rules)
2847297 - ETPRO TROJAN Ares Downloader Activity (trojan.rules)
2847298 - ETPRO TROJAN Ares Activity (POST) (trojan.rules)
2847299 - ETPRO TROJAN Ares Activity (stealer) (trojan.rules)

[///] Modified active rules: [///]

2031641 - ET TROJAN Win32/LODEINFO v0.4.x CnC Checkin (trojan.rules)

Date:

Wednesday, February 24, 2021

Summary title:

15 new OPEN, 42 new PRO (15 + 27). Win32.Raccoon Stealer, MINEBRIDGE, Android/Monitor.Highster.B, DownDelph CnC, AsyncRAT, Ares Downloader, and VARIOUS PHISHING.