Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/03/01

[***] Summary: [***]

6 new OPEN, 36 new PRO (6 + 30). OceanLotus, AsyncRAT, Ursnif, Remcos,
Various Phish.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031679 - ET WEB_SERVER Generic Mailer Accessed on Internal
Compromised Server (web_server.rules)
2031680 - ET WEB_CLIENT Generic Mailer Accessed on External
Compromised Server (web_client.rules)
2031681 - ET WEB_SERVER Generic Uploader Accessed on Internal
Compromised Server (web_server.rules)
2031682 - ET WEB_CLIENT Generic Uploader Accessed on External
Compromised Server (web_client.rules)
2031683 - ET TROJAN Suspected APT32/OceanLotus Activity (trojan.rules)
2031684 - ET USER_AGENTS Suspicious User-Agent (Collection Info)
(user_agents.rules)

Pro:

2847363 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847364 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847365 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847366 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847367 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847368 - ETPRO TROJAN Ursnif Variant CnC Beacon 13 (trojan.rules)
2847369 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-27 1) (trojan.rules)
2847370 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-27 2) (trojan.rules)
2847371 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-27 3) (trojan.rules)
2847372 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-27 4) (trojan.rules)
2847373 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 1) (trojan.rules)
2847374 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 2) (trojan.rules)
2847375 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 3) (trojan.rules)
2847376 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 4) (trojan.rules)
2847377 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 5) (trojan.rules)
2847378 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 6) (trojan.rules)
2847379 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 7) (trojan.rules)
2847380 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 8) (trojan.rules)
2847381 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 9) (trojan.rules)
2847382 - ETPRO CURRENT_EVENTS Successful Intesa Sanpaolo Phish
2021-03-01 (current_events.rules)
2847383 - ETPRO CURRENT_EVENTS Successful Banco del Pacifico Phish
2021-03-01 (current_events.rules)
2847384 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-03-01 (current_events.rules)
2847385 - ETPRO CURRENT_EVENTS Successful DBS iBanking Phish
2021-03-01 (current_events.rules)
2847386 - ETPRO CURRENT_EVENTS Successful Amazon JP Phish 2021-03-01
(current_events.rules)
2847387 - ETPRO CURRENT_EVENTS Successful Generic Account Validation
Phish 2021-03-01 (current_events.rules)
2847388 - ETPRO TROJAN Generic Multipart HTTP POST Zip to
000webhostapp (trojan.rules)
2847389 - ETPRO TROJAN MSIL/TrojanDownloader.Agent.HLU Variant CnC
Activity (trojan.rules)
2847390 - ETPRO TROJAN Win32/Remcos RAT Checkin 681 (trojan.rules)
2847391 - ETPRO TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(trojan.rules)
2847392 - ETPRO TROJAN DoNot Group Activity (trojan.rules)

Date:
Summary title:
6 new OPEN, 36 new PRO (6 + 30). OceanLotus, AsyncRAT, Ursnif, Remcos, Various Phish.