[***] Summary: [***]
57 new OPEN, 74 new PRO (57 + 17). Raccoon Stealer, Cobalt Strike,
CVE, AsyncRAT, Various Phish.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031749 - ET CURRENT_EVENTS Possible Successful Docusign Phish 2015-07-27 (current_events.rules)
2031750 - ET CURRENT_EVENTS Successful Phish Fake Document Loading Error 2015-07-27 (current_events.rules)
2031751 - ET CURRENT_EVENTS Possible Successful Google Drive Phish M1 2015-07-28 (current_events.rules)
2031752 - ET CURRENT_EVENTS Possible Successful Google Drive Phish 2015-07-28 (current_events.rules)
2031753 - ET CURRENT_EVENTS Possible Successful Fedex Phish 2015-07-28 (current_events.rules)
2031754 - ET CURRENT_EVENTS Possible Successful Apple Phish 2015-07-30 (current_events.rules)
2031755 - ET CURRENT_EVENTS Possible Successful Apple Phish 2015-07-31 (current_events.rules)
2031756 - ET CURRENT_EVENTS Possible Successful Generic Phish 2015-07-31 (current_events.rules)
2031757 - ET CURRENT_EVENTS Possible Successful AirCanada Phish 2015-08-06 (current_events.rules)
2031758 - ET CURRENT_EVENTS Successful Email Credential Phish 2015-08-12 (current_events.rules)
2031759 - ET CURRENT_EVENTS Successful Canada Revenue Agency Phish 2015-08-18 (current_events.rules)
2031760 - ET CURRENT_EVENTS Successful Canada Revenue Agency Phish 2015-08-18 (current_events.rules)
2031762 - ET CURRENT_EVENTS Successful Amazon Account Phish 2015-08-21 (current_events.rules)
2031763 - ET CURRENT_EVENTS Successful Amazon Account Phish 2015-08-21 (current_events.rules)
2031764 - ET CURRENT_EVENTS Successful Adobe Online Account Phish 2015-08-21 (current_events.rules)
2031765 - ET CURRENT_EVENTS Successful BBVA Compass Account Phish 2015-08-21 (current_events.rules)
2031766 - ET CURRENT_EVENTS Successful Carribean International Bank Account Phish 2015-08-25 (current_events.rules)
2031767 - ET CURRENT_EVENTS Successful Adobe Phish 2015-08-31 (current_events.rules)
2031768 - ET CURRENT_EVENTS Successful Account Update Phish 2015-09-01 (current_events.rules)
2031769 - ET CURRENT_EVENTS Successful EDF Account Phish 2015-09-01 (current_events.rules)
2031770 - ET CURRENT_EVENTS Successful Amazon Phish 2015-09-22 (current_events.rules)
2031771 - ET CURRENT_EVENTS Successful Chase Phish 2015-09-24 (current_events.rules)
2031772 - ET CURRENT_EVENTS Successful Chase Phish 2015-09-24 (current_events.rules)
2031773 - ET CURRENT_EVENTS Successful Chase Phish 2015-09-24 (current_events.rules)
2031774 - ET CURRENT_EVENTS Successful Adobe Online Phish 2015-09-30 (current_events.rules)
2031775 - ET CURRENT_EVENTS Successful Bank of America Phish M2 2015-10-02 (current_events.rules)
2031776 - ET CURRENT_EVENTS Successful Yahoo Credential Phish 2015-10-03 (current_events.rules)
2031777 - ET CURRENT_EVENTS Successful Alibaba Credential Phish 2015-10-05 (current_events.rules)
2031778 - ET CURRENT_EVENTS Successful Blackboard Account Phish 2015-10-08 (current_events.rules)
2031779 - ET CURRENT_EVENTS Successful AOL Phish 2015-10-09 (current_events.rules)
2031780 - ET CURRENT_EVENTS Successful Apple Phish 2015-10-23 (current_events.rules)
2031781 - ET CURRENT_EVENTS Successful Bank of America Phish 2015-10-29 (current_events.rules)
2031782 - ET CURRENT_EVENTS Successful Paypal Phish 2015-10-29 (current_events.rules)
2031783 - ET CURRENT_EVENTS Successful Bank of Scotland Phish M1 2015-11-05 (current_events.rules)
2031784 - ET CURRENT_EVENTS Successful Amazon Phish 2015-11-07 (current_events.rules)
2031785 - ET INFO Data Submitted to Weebly.com - Possible Phishing (info.rules)
2031786 - ET CURRENT_EVENTS Weebly Phishing Landing Observed 2015-11-10 (current_events.rules)
2031787 - ET CURRENT_EVENTS Google Drive Phishing Landing 2015-11-17 (current_events.rules)
2031788 - ET CURRENT_EVENTS Successful Adobe Shared Document Phishing 2015-11-20 (current_events.rules)
2031789 - ET CURRENT_EVENTS Successful Bank of America Phish 2015-11-21 (current_events.rules)
2031790 - ET CURRENT_EVENTS Successful SFR Phishing 2015-11-24 (current_events.rules)
2031791 - ET WEB_CLIENT Anonisma Phishing CSS 2015-12-01 (web_client.rules)
2031792 - ET CURRENT_EVENTS Successful Apple Phish M1 2015-12-02 (current_events.rules)
2031793 - ET CURRENT_EVENTS Successful iCloud Phish 2015-12-02 (current_events.rules)
2031794 - ET CURRENT_EVENTS Successful Wildblue/CenturyLink Phish 2015-12-08 (current_events.rules)
2031795 - ET CURRENT_EVENTS Successful Paypal Phish 2015-12-05 (current_events.rules)
2031796 - ET CURRENT_EVENTS Successful Google Docs Phish 2015-12-09 (current_events.rules)
2031797 - ET CURRENT_EVENTS Successful Dropbox Phish 2015-12-10 (current_events.rules)
2031798 - ET CURRENT_EVENTS Successful Chase Phish 2015-12-22 (current_events.rules)
2031799 - ET CURRENT_EVENTS Successful Paypal Phish 2015-12-24 M1 (current_events.rules)
2031800 - ET WEB_CLIENT Anonisma Phishing CSS 2015-12-29 (web_client.rules)
2031801 - ET CURRENT_EVENTS Successful Anonisma Paypal Phish 2015-12-29 (current_events.rules)
2031802 - ET CURRENT_EVENTS Successful PHOEN!X Apple Phish M2 2015-12-29 (current_events.rules)
2031803 - ET INFO Hidden embedded HTML Document (info.rules)
2031804 - ET EXPLOIT DNS Change Attempt (Unknown Device) (exploit.rules)
2031805 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (trojan.rules)
2031806 - ET TROJAN Cobalt Strike CnC Activity (trojan.rules)
Pro:
2812833 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2020-09-01 (current_events.rules)
2847424 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847425 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847426 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2021-03-03 (current_events.rules)
2847427 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-03 1) (trojan.rules)
2847428 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-03 2) (trojan.rules)
2847429 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-03 3) (trojan.rules)
2847430 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-03 4) (trojan.rules)
2847431 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2021-03-03 (current_events.rules)
2847432 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-03-03 (current_events.rules)
2847433 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-03-03 (current_events.rules)
2847434 - ETPRO CURRENT_EVENTS Successful Generic DarkX Phish 2021-03-03 (current_events.rules)
2847435 - ETPRO CURRENT_EVENTS Successful UOL SAC Phish 2021-03-03 (current_events.rules)
2847436 - ETPRO CURRENT_EVENTS Successful UOL SAC Phish 2021-03-03 (current_events.rules)
2847437 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2021-03-03 (current_events.rules)
2847438 - ETPRO EXPLOIT Windows DirectWrite Heap-Based Buffer Overflow Inbound (CVE-2021-24093) (exploit.rules)
2847439 - ETPRO TROJAN Suspected Cobalt Strike Stager DNS Activity (trojan.rules)
[///] Modified active rules: [///]
2023467 - ET EXPLOIT COMTREND ADSL Router CT-5367 Remote DNS Change Attempt (exploit.rules)
2842557 - ETPRO TROJAN Win32/TrojanDownloader.Banload.ZIK Variant CnC Activity (trojan.rules)
2846889 - ETPRO CURRENT_EVENTS Successful Generic Multibrand Phish 2021-02-02 (current_events.rules)
2847420 - ETPRO EXPLOIT Microsoft Exchange - Possible RCE with WebShell Inbound M2 (CVE-2021-26857) (exploit.rules)
[---] Disabled rules: [---]
2815464 - ETPRO WEB_CLIENT Phishing Kit KeNiHaCk Observed (web_client.rules)