Daily Ruleset Update Summary 2021/02/26

[***] Summary: [***]

5 new OPEN, 25 new PRO (5 + 20). Inception/CloudAtlas, Hashicorp Consul
RCE, Gameredon Loader, TimeMachineEX CnC, Coinminers, and VARIOUS PHISHING.

Today it is Friday.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031674 - ET TROJAN Inception Group CnC Observed in DNS Query
(ms-check-new-update .com) (trojan.rules)
2031675 - ET EXPLOIT Inbound Hashicorp Consul RCE via Services API
(exploit.rules)
2031676 - ET TROJAN Gameredon Loader Activity (trojan.rules)
2031677 - ET TROJAN Inception/CloudAtlas CnC Domain in DNS Lookup
(ms-officeupdate .com) (trojan.rules)
2031678 - ET TROJAN Inception/CloudAtlas CnC Domain in DNS Lookup
(newmsoffice .com) (trojan.rules)

Pro:

2847343 - ETPRO TROJAN Win32/Unk.Loader Retrieving Payload 2021-02-26
(trojan.rules)
2847344 - ETPRO TROJAN Observed Win32/Unk.Loader Domain in TLS SNI
(trojan.rules)
2847345 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-26 1) (trojan.rules)
2847346 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-26 2) (trojan.rules)
2847347 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-26 3) (trojan.rules)
2847348 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-26 4) (trojan.rules)
2847349 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-26 5) (trojan.rules)
2847350 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-26 6) (trojan.rules)
2847351 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-26 7) (trojan.rules)
2847352 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-26 8) (trojan.rules)
2847353 - ETPRO CURRENT_EVENTS Successful BW Bank DE Phish 2021-02-26
(current_events.rules)
2847354 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2021-02-26
(current_events.rules)
2847355 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-02-26
(current_events.rules)
2847356 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-02-26 (current_events.rules)
2847357 - ETPRO CURRENT_EVENTS Successful Generic Webmail Session Expired
Phish 2021-02-26 (current_events.rules)
2847358 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-02-26 (current_events.rules)
2847359 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2021-02-26 (current_events.rules)
2847360 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-26
(current_events.rules)
2847361 - ETPRO TROJAN TimeMachineEX CnC Activity (trojan.rules)
2847362 - ETPRO CURRENT_EVENTS Successful Comerica Bank Phish 2021-02-26
(current_events.rules)

[---] Removed rules: [---]

2838420 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)

Date:

Friday, February 26, 2021

Summary title:

5 new OPEN, 25 new PRO (5 + 20). Inception/CloudAtlas, Hashicorp Consul RCE, Gameredon Loader, TimeMachineEX CnC, Coinminers, and VARIOUS PHISHING.