[***] Summary: [***]

2 new OPEN, 45 new PRO (2 + 43). BazaBackdoor, THRALL Keylogger,
Various TA413 CnC, Cobalt Strike Stager Activity, Win32/IcedID Stage2,
Coinminers and VARIOUS PHISHING.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031672 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2031673 - ET TROJAN BazaBackdoor Variant CnC Activity M4 (trojan.rules)

Pro:

2847300 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847301 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin (trojan.rules)
2847302 - ETPRO TROJAN THRALL Keylogger Data Exfil via Telegram
(trojan.rules)
2847303 - ETPRO TROJAN Observed THRALL Keylogger HTTP Boundary via
Telegram (trojan.rules)
2847304 - ETPRO TROJAN THRALL Keylogger CnC Checkin (trojan.rules)
2847305 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2021-02-25 (current_events.rules)
2847306 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2021-02-25
(current_events.rules)
2847307 - ETPRO CURRENT_EVENTS Successful American Express Phish
2021-02-25 (current_events.rules)
2847308 - ETPRO CURRENT_EVENTS Successful American Express Phish
2021-02-25 (current_events.rules)
2847309 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-25
(current_events.rules)
2847310 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-25
(current_events.rules)
2847311 - ETPRO CURRENT_EVENTS Successful Swiss Post Phish 2021-02-25
(current_events.rules)
2847312 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2021-02-25
(current_events.rules)
2847313 - ETPRO CURRENT_EVENTS Successful Generic Wordpress Hosted Phish
2021-02-25 (current_events.rules)
2847314 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2021-02-25 (current_events.rules)
2847315 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2021-02-25 (current_events.rules)
2847316 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2021-02-25 (current_events.rules)
2847327 - ETPRO CURRENT_EVENTS Successful Generic Webmail Session Expired
Phish 2021-02-25 (current_events.rules)
2847338 - ETPRO CURRENT_EVENTS Successful ING (NL) Phish 2021-02-25
(current_events.rules)
2847339 - ETPRO CURRENT_EVENTS Successful ING (NL) Phish 2021-02-25
(current_events.rules)
2847341 - ETPRO CURRENT_EVENTS Successful Idaho Central Credit Union
Phish 2021-02-25 (current_events.rules)
2847342 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2021-02-25 (current_events.rules)
2847328 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2021-02-25
(current_events.rules)
2847317 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 1) (trojan.rules)
2847318 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 2) (trojan.rules)
2847319 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 3) (trojan.rules)
2847320 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 4) (trojan.rules)
2847321 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 5) (trojan.rules)
2847322 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 6) (trojan.rules)
2847323 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 7) (trojan.rules)
2847324 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 8) (trojan.rules)
2847325 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 9) (trojan.rules)
2847326 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 10) (trojan.rules)
2847329 - ETPRO TROJAN Observed Malicious SSL Cert (TA413 CnC)
(trojan.rules)
2847330 - ETPRO TROJAN Observed TA413 CnC Domain in DNS Query
(trojan.rules)
2847331 - ETPRO TROJAN Observed TA413 CnC Domain in DNS Query
(trojan.rules)
2847332 - ETPRO TROJAN Observed TA413 CnC Domain in DNS Query
(trojan.rules)
2847333 - ETPRO TROJAN Observed TA413 CnC Domain in DNS Query
(trojan.rules)
2847334 - ETPRO TROJAN Observed TA413 CnC Domain in DNS Query
(trojan.rules)
2847335 - ETPRO TROJAN Win32/IcedID Stage2 Checkin (trojan.rules)
2847336 - ETPRO TROJAN Win32/IcedID Stage2 CnC Activity (trojan.rules)
2847337 - ETPRO TROJAN Win32/Remcos RAT Checkin 680 (trojan.rules)
2847340 - ETPRO TROJAN Cobalt Strike Stager Activity (trojan.rules)

[///] Modified active rules: [///]

2816365 - ETPRO TROJAN W32.SOCKSBOT CnC Request (trojan.rules)
2846703 - ETPRO TROJAN Win32/CopperStealer CnC Activity M3 (trojan.rules)
