[***] Summary: [***]

64 new OPEN, 89 new PRO (64 + 25). Ursnif, Echmark, AsyncRAT,
OrcusRAT, Various Phish.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031685 - ET CURRENT_EVENTS Successful Outlook Webmail Account Phish
2015-09-02 (current_events.rules)
2031686 - ET CURRENT_EVENTS Successful Bank of America Phish
2015-10-02 (current_events.rules)
2031687 - ET CURRENT_EVENTS Successful Paypal Account Phish
2015-10-16 (current_events.rules)
2031688 - ET CURRENT_EVENTS Yahoo Account Phish Landing 2015-10-23
(current_events.rules)
2031689 - ET CURRENT_EVENTS Successful Zimbra Phish 2015-11-03
(current_events.rules)
2031690 - ET CURRENT_EVENTS Outlook WebApp Phish Landing 2015-11-05
(current_events.rules)
2031691 - ET CURRENT_EVENTS Outlook WebApp Phish Landing 2015-11-05
(current_events.rules)
2031692 - ET CURRENT_EVENTS Excel Online Phish Landing 2015-12-08
(current_events.rules)
2031693 - ET CURRENT_EVENTS PHOEN!X Apple Phish Landing Page
2015-12-29 (current_events.rules)
2031694 - ET WEB_CLIENT PHOEN!X Phish Loading Page 2015-12-29
(web_client.rules)
2031695 - ET CURRENT_EVENTS Base64 HTTP URL Refresh - Common Phish
Landing Obfuscation 2016-01-01 (current_events.rules)
2031696 - ET CURRENT_EVENTS Fake Webmail Account Phishing Landing
2015-09-10 (current_events.rules)
2031697 - ET WEB_CLIENT Phishing Fake Document Loading Error
2015-10-01 (web_client.rules)
2031698 - ET CURRENT_EVENTS Obfuscated Phishing Landing 2015-11-05
(current_events.rules)
2031699 - ET CURRENT_EVENTS Metro Document Phishing Landing
2015-11-17 (current_events.rules)
2031700 - ET CURRENT_EVENTS Wire Transfer Phishing Landing
2015-11-19 (current_events.rules)
2031701 - ET CURRENT_EVENTS Google Drive Phishing Landing 2015-11-20
(current_events.rules)
2031702 - ET CURRENT_EVENTS Outlook Webmail Phishing Landing
2015-11-21 (current_events.rules)
2031703 - ET CURRENT_EVENTS Successful Outlook Webmail Phishing
2015-11-21 (current_events.rules)
2031704 - ET CURRENT_EVENTS cPanel Phishing Landing 2015-12-01
(current_events.rules)
2031705 - ET CURRENT_EVENTS Anonisma Phishing Landing 2015-12-01
(current_events.rules)
2031706 - ET WEB_CLIENT Anonisma Paypal Phishing Loading Page
2015-12-29 (web_client.rules)
2031707 - ET CURRENT_EVENTS Possible Google Drive Phishing Landing
2015-07-13 (current_events.rules)
2031708 - ET CURRENT_EVENTS Apple Phishing Landing 2015-07-27
(current_events.rules)
2031709 - ET CURRENT_EVENTS Possible Successful Apple Phish
2015-07-27 (current_events.rules)
2031710 - ET CURRENT_EVENTS Possible Successful Apple Phish
2015-07-27 (current_events.rules)
2031711 - ET CURRENT_EVENTS Possible Successful Apple Phish
2015-07-27 (current_events.rules)
2031712 - ET CURRENT_EVENTS Google Drive Phishing Landing 2015-07-28
(current_events.rules)
2031713 - ET CURRENT_EVENTS Google Drive Phishing Landing 2015-07-28
(current_events.rules)
2031714 - ET CURRENT_EVENTS Possible Fedex Phishing Landing
2015-07-28 (current_events.rules)
2031715 - ET CURRENT_EVENTS Possible Apple Store Phish Landing
2015-07-30 (current_events.rules)
2031716 - ET CURRENT_EVENTS Possible Apple Store Phish Landing
2015-07-30 (current_events.rules)
2031717 - ET CURRENT_EVENTS Possible Apple Store Phish Landing
2015-07-30 (current_events.rules)
2031718 - ET CURRENT_EVENTS Possible Apple Store Phish Landing
2015-07-30 (current_events.rules)
2031719 - ET CURRENT_EVENTS Successful Generic Credential Phish -
Loading Messages 2015-08-12 (current_events.rules)
2031720 - ET CURRENT_EVENTS Successful Survey Credential Phish
2015-08-12 (current_events.rules)
2031721 - ET CURRENT_EVENTS Cloud Drive Phish Landing 2015-08-12
(current_events.rules)
2031722 - ET CURRENT_EVENTS Mailbox Renewal Phish Landing 2015-08-14
(current_events.rules)
2031723 - ET CURRENT_EVENTS Apple ID Phishing Landing 2015-08-19
(current_events.rules)
2031724 - ET CURRENT_EVENTS Successful Commonwealth Bank Phish Fake
Error Page 2015-08-20 (current_events.rules)
2031725 - ET CURRENT_EVENTS Horde Webmail Phishing Landing
2015-08-21 (current_events.rules)
2031726 - ET CURRENT_EVENTS Successful Horde Webmail Phish
2015-08-21 (current_events.rules)
2031727 - ET CURRENT_EVENTS Successful Fake Webmail Quota Phish
2015-09-10 (current_events.rules)
2031728 - ET CURRENT_EVENTS DHL Phish Landing Page 2015-10-17
(current_events.rules)
2031729 - ET CURRENT_EVENTS Successful Battle.net Phish 2015-09-22
(current_events.rules)
2031730 - ET CURRENT_EVENTS Successful Vmware/Zimbra Phish
2015-09-28 (current_events.rules)
2031731 - ET CURRENT_EVENTS Successful Outlook Web App Phish
2015-10-15 (current_events.rules)
2031732 - ET CURRENT_EVENTS Successful Paypal Phish 2015-10-28
(current_events.rules)
2031733 - ET CURRENT_EVENTS Successful Paypal Phish 2015-10-28 3
(current_events.rules)
2031734 - ET CURRENT_EVENTS Successful Paypal Phish 2015-11-03 M3
(current_events.rules)
2031735 - ET CURRENT_EVENTS Successful Paypal Phish 2015-11-03 M4
(current_events.rules)
2031736 - ET CURRENT_EVENTS Google Drive Phishing Landing 2015-11-06
(current_events.rules)
2031737 - ET CURRENT_EVENTS Adobe Shared Document Phish Landing
2015-11-14 (current_events.rules)
2031738 - ET CURRENT_EVENTS Successful Adobe Shared Document Phish
2015-11-14 (current_events.rules)
2031739 - ET CURRENT_EVENTS DHL Phish Landing 2015-11-14
(current_events.rules)
2031740 - ET CURRENT_EVENTS Apple Account Phishing Landing
2015-11-18 (current_events.rules)
2031741 - ET CURRENT_EVENTS Anonisma AES Crypto Observed in
Javascript - Possible Phishing Landing 2015-12-29
(current_events.rules)
2031742 - ET CURRENT_EVENTS Successful Battle.net Phish 2015-09-22
(current_events.rules)
2031743 - ET TROJAN Ursnif Payload Request (cook32.rar) (trojan.rules)
2031744 - ET TROJAN Ursnif Payload Request (cook64.rar) (trojan.rules)
2031745 - ET TROJAN Ursnif Payload Request (grab32.rar) (trojan.rules)
2031746 - ET TROJAN Ursnif Payload Request (grab64.rar) (trojan.rules)
2031747 - ET INFO Observed Interesting Content-Type Inbound
(application/x-sh) (info.rules)
2031748 - ET TROJAN W32/Echmark CnC Activity M2 (trojan.rules)

Pro:

2847393 - ETPRO CURRENT_EVENTS Successful Hulu Phish 2020-04-14
(current_events.rules)
2847394 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847395 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847396 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847397 - ETPRO TROJAN Observed Malicious SSL Cert (OrcusRAT) (trojan.rules)
2847398 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2021-03-02 (current_events.rules)
2847399 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2021-03-02 (current_events.rules)
2847400 - ETPRO CURRENT_EVENTS Successful ING Phish 2021-03-02
(current_events.rules)
2847401 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish
2021-03-02 (current_events.rules)
2847402 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2021-03-02 (current_events.rules)
2847403 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-03-02 (current_events.rules)
2847404 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2021-03-02
(current_events.rules)
2847405 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2021-03-02
(current_events.rules)
2847406 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2021-03-02
(current_events.rules)
2847407 - ETPRO CURRENT_EVENTS Successful Telekom / Tmobile Phish
2021-03-02 (current_events.rules)
2847408 - ETPRO CURRENT_EVENTS Successful My HKT Phish 2021-03-02
(current_events.rules)
2847409 - ETPRO CURRENT_EVENTS Successful Generic Cloud Documents
Phish 2021-03-02 (current_events.rules)
2847410 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-03-02
(current_events.rules)
2847411 - ETPRO CURRENT_EVENTS Successful Orange FR Phish 2021-03-02
(current_events.rules)
2847412 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-02 1) (trojan.rules)
2847413 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-02 2) (trojan.rules)
2847414 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-02 3) (trojan.rules)
2847415 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-02 4) (trojan.rules)
2847416 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-02 5) (trojan.rules)
2847417 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-02 6) (trojan.rules)

[///] Modified active rules: [///]

2838632 - ETPRO CURRENT_EVENTS Possible Malicious SSL Cert -
Commonly Abused FileHosting (MalDoc DL 2019-09-30 2)
(current_events.rules)

[---] Disabled and modified rules: [---]

2842015 - ETPRO CURRENT_EVENTS Successful Hulu Phish 2020-04-14
(current_events.rules)
