[***] Summary: [***]
10 new OPEN, 48 new PRO (10 + 38). Jasmin Ransomware, Raccoon Stealer,
CVE-2021-21978, Gootloader, Various PHISH.
Thanks: Kevin Ross, @c3rb3ru5d3d53c
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032004 - ET TROJAN Project Plague CnC Activity (trojan.rules)
2032005 - ET WEB_SERVER Generic Mailer Accessed on Internal Compromised
Server (web_server.rules)
2032006 - ET WEB_CLIENT Generic Mailer Accessed on External Compromised
Server (web_client.rules)
2032007 - ET CURRENT_EVENTS OneDrive Phishing Landing 2021-03-15
(current_events.rules)
2032008 - ET EXPLOIT VMWare View Planner RCE (CVE-2021-21978) Attempt M2
(exploit.rules)
2032009 - ET EXPLOIT VMWare View Planner RCE (CVE-2021-21978) Attempt M1
(exploit.rules)
2032010 - ET TROJAN Jasmin Ransomware C2 Checkin (trojan.rules)
2032011 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(youaresoslow .top) (trojan.rules)
2032012 - ET CURRENT_EVENTS Phishing Landing via Tripod.com (set)
2016-03-31 (current_events.rules)
2032013 - ET CURRENT_EVENTS Phishing Landing via Tripod.com Mar 31 M3
(current_events.rules)
Pro:
2847583 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847584 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847585 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847586 - ETPRO TROJAN Observed Malicious SSL Cert (OrcusRAT)
(trojan.rules)
2847587 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847588 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847589 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-13 1) (trojan.rules)
2847590 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-13 2) (trojan.rules)
2847591 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-13 3) (trojan.rules)
2847592 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-13 4) (trojan.rules)
2847593 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-13 5) (trojan.rules)
2847594 - ETPRO CURRENT_EVENTS Successful Jaccs JP Phish 2021-03-15
(current_events.rules)
2847595 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2021-03-15 (current_events.rules)
2847596 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2021-03-15
(current_events.rules)
2847597 - ETPRO CURRENT_EVENTS Successful Whatsapp Phish 2021-03-15
(current_events.rules)
2847598 - ETPRO CURRENT_EVENTS Successful OLX PL Phish 2021-03-15
(current_events.rules)
2847599 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2021-03-15
(current_events.rules)
2847600 - ETPRO CURRENT_EVENTS Successful Generic Verify Account Phish
2021-03-15 (current_events.rules)
2847601 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2021-03-15 (current_events.rules)
2847602 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2021-03-15 (current_events.rules)
2847603 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2021-03-15 (current_events.rules)
2847604 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-15 1) (trojan.rules)
2847605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-15 2) (trojan.rules)
2847606 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-15 3) (trojan.rules)
2847607 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-15 4) (trojan.rules)
2847608 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-15 5) (trojan.rules)
2847609 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-15 6) (trojan.rules)
2847610 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-15 7) (trojan.rules)
2847611 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-15 8) (trojan.rules)
2847612 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2021-03-15
(current_events.rules)
2847613 - ETPRO CURRENT_EVENTS Possible Successful Phishing - Credentials
Sent via AJAX in JSON Blob (current_events.rules)
2847614 - ETPRO TROJAN VBS/Bolt Variant CnC Activity (trojan.rules)
2847615 - ETPRO TROJAN Win32/Spy.Agent.PTQ Variant CnC Activity
(trojan.rules)
2847616 - ETPRO TROJAN Win32/TrojanDownloader.Sednit.CBV Variant CnC
Activity (trojan.rules)
2847617 - ETPRO TROJAN Win32/Remcos RAT Checkin 691 (trojan.rules)
2847618 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI
(trojan.rules)
2847619 - ETPRO CURRENT_EVENTS Successful Axis Bank Phish 2021-03-15
(current_events.rules)
2847620 - ETPRO TROJAN GootLoader Activity (trojan.rules)
[///] Modified active rules: [///]
2824244 - ETPRO TROJAN Observed Malicious SSL Certificate (Orcus RAT)
(trojan.rules)
[---] Removed rules: [---]
2816849 - ETPRO CURRENT_EVENTS Phishing Landing via Tripod.com (set)
2016-03-31 (current_events.rules)
2816852 - ETPRO CURRENT_EVENTS Phishing Landing via Tripod.com Mar 31 M3
(current_events.rules)
2843590 - ETPRO TROJAN MSIL/Agent.QUI Variant CnC Activity (trojan.rules)