Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/03/22

[***] Summary: [***]

49 new OPEN, 75 new PRO (49 + 26) MALWARECAT, Android GolfSpy, JsoutProx
Activity, chMiner/RAT and VARIOUS PHISH.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032227 - ET CURRENT_EVENTS Successful Adobe Phish 2016-04-29
(current_events.rules)
2032228 - ET CURRENT_EVENTS Successful Adobe Shared Document Phish
2016-05-04 (current_events.rules)
2032229 - ET CURRENT_EVENTS Successful Adobe Phish M1 2016-07-11
(current_events.rules)
2032230 - ET CURRENT_EVENTS Successful AOL Phish M1 2016-07-14
(current_events.rules)
2032231 - ET CURRENT_EVENTS Successful AOL Phish M1 2016-07-14
(current_events.rules)
2032232 - ET CURRENT_EVENTS Successful AOL Phish M3 2016-07-14
(current_events.rules)
2032233 - ET CURRENT_EVENTS Successful Adobe Phish 2016-07-21
(current_events.rules)
2032234 - ET CURRENT_EVENTS Successful Adobe Shared Document Phish
2016-08-10 (current_events.rules)
2032235 - ET CURRENT_EVENTS Successful Adobe Shared Document Phish
2016-08-26 (current_events.rules)
2032236 - ET CURRENT_EVENTS Successful Apple Store Transaction
Cancellation Phish 2016-08-30 (current_events.rules)
2032237 - ET CURRENT_EVENTS Successful Generic Epass Phish 2016-09-01
(current_events.rules)
2032238 - ET CURRENT_EVENTS Successful Account Update Phish 2016-09-06
(current_events.rules)
2032239 - ET CURRENT_EVENTS Successful Apple Phish M1 2016-09-14
(current_events.rules)
2032240 - ET CURRENT_EVENTS Successful Apple Phish M2 2016-09-14
(current_events.rules)
2032241 - ET CURRENT_EVENTS Successful Apple Phish M3 2016-09-14
(current_events.rules)
2032242 - ET CURRENT_EVENTS Successful Adobe Phish 2016-09-14
(current_events.rules)
2032243 - ET CURRENT_EVENTS Successful Personalized Phish 2016-09-14
(current_events.rules)
2032244 - ET CURRENT_EVENTS Possible Successful Phish - Generic Form Names
2016-09-16 (current_events.rules)
2032245 - ET CURRENT_EVENTS Successful Alibaba Phish 2016-09-28
(current_events.rules)
2032246 - ET CURRENT_EVENTS Successful Adobe Shared Document Phish
2016-09-29 (current_events.rules)
2032247 - ET CURRENT_EVENTS Successful Alibaba Phish 2016-09-29
(current_events.rules)
2032248 - ET CURRENT_EVENTS Successful Apple Phish M3 2016-09-29
(current_events.rules)
2032249 - ET CURRENT_EVENTS Successful Apple ID Phish M1 2016-10-04
(current_events.rules)
2032250 - ET CURRENT_EVENTS Successful Apple Phish 2016-10-05
(current_events.rules)
2032251 - ET CURRENT_EVENTS Successful Amazon Phish M2 2016-10-05
(current_events.rules)
2032252 - ET CURRENT_EVENTS Successful Apple Phish M1 2016-10-07
(current_events.rules)
2032253 - ET CURRENT_EVENTS Successful Apple Phish M2 2016-10-07
(current_events.rules)
2032254 - ET CURRENT_EVENTS Successful Amazon (UK) Phish 2016-10-17
(current_events.rules)
2032255 - ET CURRENT_EVENTS Successful Alibaba Phish 2016-10-18
(current_events.rules)
2032256 - ET CURRENT_EVENTS Successful Alibaba Phish 2016-10-26
(current_events.rules)
2032257 - ET CURRENT_EVENTS Successful ABSA Phish 2016-10-26
(current_events.rules)
2032258 - ET CURRENT_EVENTS Successful Ameli.fr Phish M1 2016-10-26
(current_events.rules)
2032259 - ET CURRENT_EVENTS Successful Ameli.fr Phish M2 Oct 26 2016-10-26
(current_events.rules)
2032260 - ET CURRENT_EVENTS Successful Alibaba Phish 2016-10-28
(current_events.rules)
2032261 - ET CURRENT_EVENTS Successful Apple Phish Oct 31 2016
(current_events.rules)
2032262 - ET CURRENT_EVENTS Successful Adobe Shared Document Phish
2016-11-15 (current_events.rules)
2032263 - ET CURRENT_EVENTS Successful Generic Webmail Phish M1 2016-11-18
(current_events.rules)
2032264 - ET CURRENT_EVENTS Successful Alibaba Phish 2016-12-20
(current_events.rules)
2032265 - ET CURRENT_EVENTS Successful Apple Store Phish M1 2016-12-29
(current_events.rules)
2032266 - ET CURRENT_EVENTS Successful Apple Store Phish M2 2016-12-29
(current_events.rules)
2032267 - ET CURRENT_EVENTS Successful Apple Store Phish M3 2016-12-29
(current_events.rules)
2032268 - ET CURRENT_EVENTS Successful Apple Store Phish M4 2016-12-29
(current_events.rules)
2032270 - ET MOBILE_MALWARE Android GolfSpy (services4me .net in TLS SNI)
(mobile_malware.rules)
2032271 - ET TROJAN Win32/MALWARECAT Exfil via SMTP (trojan.rules)
2032272 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(habbybearshop .top) (trojan.rules)
2032273 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(youcanfindmeonthe .top) (trojan.rules)
2032274 - ET TROJAN Cobalt Strike Beacon Activity (trojan.rules)
2032275 - ET TROJAN Kimsuky Maldoc Activity (trojan.rules)
2032276 - ET TROJAN Observed Malicious SSL Cert (chMiner/RAT)
(trojan.rules)

Pro:

2847713 - ETPRO TROJAN AsyncRAT Style CnC Server SSL Cert (trojan.rules)
2847714 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-20 1) (trojan.rules)
2847715 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-20 2) (trojan.rules)
2847716 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-20 3) (trojan.rules)
2847717 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-20 4) (trojan.rules)
2847718 - ETPRO CURRENT_EVENTS Successful OLX Phish 2021-03-22
(current_events.rules)
2847719 - ETPRO CURRENT_EVENTS Successful Apple Phish 2021-03-22
(current_events.rules)
2847720 - ETPRO CURRENT_EVENTS Successful Apple Phish 2021-03-22
(current_events.rules)
2847721 - ETPRO CURRENT_EVENTS Successful Global Sources Phish 2021-03-22
(current_events.rules)
2847722 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2021-03-22
(current_events.rules)
2847723 - ETPRO CURRENT_EVENTS Successful Twitter Phish 2021-03-22
(current_events.rules)
2847724 - ETPRO CURRENT_EVENTS Successful Twitter Phish 2021-03-22
(current_events.rules)
2847725 - ETPRO CURRENT_EVENTS Successful Allegro PL Phish 2021-03-22
(current_events.rules)
2847726 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Authorization DE Phish 2021-03-22 (current_events.rules)
2847727 - ETPRO CURRENT_EVENTS Successful Bank of America EDD Debit Card
Phish 2021-03-22 (current_events.rules)
2847728 - ETPRO CURRENT_EVENTS Successful USPS Phish 2021-03-22
(current_events.rules)
2847729 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2021-03-22 (current_events.rules)
2847730 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2021-03-22 (current_events.rules)
2847731 - ETPRO CURRENT_EVENTS Successful Denizbank Phish 2021-03-22
(current_events.rules)
2847732 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2021-03-22
(current_events.rules)
2847733 - ETPRO TROJAN Win32/MALWARECAT CnC Activity (trojan.rules)
2847734 - ETPRO CURRENT_EVENTS Successful Fortuneo Banque Phish 2021-03-22
(current_events.rules)
2847735 - ETPRO CURRENT_EVENTS Successful Match Phish 2021-03-22
(current_events.rules)
2847736 - ETPRO CURRENT_EVENTS Successful Posten Phish 2021-03-22
(current_events.rules)
2847737 - ETPRO TROJAN Win32/Remcos RAT Checkin 694 (trojan.rules)
2847738 - ETPRO TROJAN Suspected JsoutProx Activity (trojan.rules)

[///] Modified active rules: [///]

2845893 - ETPRO TROJAN MSIL/Apocalypse Stealer CnC Exfil (trojan.rules)

[---] Removed rules: [---]

2819995 - ETPRO CURRENT_EVENTS Successful Adobe Phish Apr 29 2016
(current_events.rules)
2820061 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish May
4 (current_events.rules)
2821032 - ETPRO CURRENT_EVENTS Successful Adobe Phish M1 Jul 11 2016
(current_events.rules)
2821138 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016
(current_events.rules)
2821139 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016
(current_events.rules)
2821140 - ETPRO CURRENT_EVENTS Successful AOL Phish M3 Jul 14 20116
(current_events.rules)
2821312 - ETPRO CURRENT_EVENTS Successful Adobe Phish Jul 21 2016
(current_events.rules)
2821598 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug
10 2016 (current_events.rules)
2821870 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug
26 2016 (current_events.rules)
2821914 - ETPRO CURRENT_EVENTS Successful Apple Store Transaction
Cancellation Phish Aug 30 2016 (current_events.rules)
2821964 - ETPRO CURRENT_EVENTS Successful Generic Epass Phish Aug 31 2016
(current_events.rules)
2822004 - ETPRO CURRENT_EVENTS Successful Account Update Phish Sept 6 2016
(current_events.rules)
2822111 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Sept 14 2016
(current_events.rules)
2822112 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Sept 14 2016
(current_events.rules)
2822113 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Sept 14 2016
(current_events.rules)
2822121 - ETPRO CURRENT_EVENTS Successful Adobe Phish Sept 14 2016
(current_events.rules)
2822122 - ETPRO CURRENT_EVENTS Successful Personalized Phish Sept 14 2016
(current_events.rules)
2822144 - ETPRO CURRENT_EVENTS Possible Successful Phish - Generic Form
Names Sept 9 2016 (current_events.rules)
2822286 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sept 28 2016
(current_events.rules)
2822292 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Sept
29 2016 (current_events.rules)
2822310 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sept 29 2016
(current_events.rules)
2822313 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Sept 29 2016
(current_events.rules)
2822376 - ETPRO CURRENT_EVENTS Successful Apple ID Phish M1 Oct 04 2016
(current_events.rules)
2822401 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 04 2016
(current_events.rules)
2822419 - ETPRO CURRENT_EVENTS Successful Amazon Phish M2 Oct 05 2016
(current_events.rules)
2822493 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Oct 07 2016
(current_events.rules)
2822499 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Oct 07 2016
(current_events.rules)
2822665 - ETPRO CURRENT_EVENTS Successful Amazon (UK) Phish Oct 17 2016
(current_events.rules)
2822713 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 18 2016
(current_events.rules)
2822891 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 26 2016
(current_events.rules)
2822897 - ETPRO CURRENT_EVENTS Successful ABSA Phish Oct 26 2016
(current_events.rules)
2822903 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish M1 Oct 26 2016
(current_events.rules)
2822904 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish M2 Oct 26 2016
(current_events.rules)
2822982 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 28 2016
(current_events.rules)
2823041 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 31 2016
(current_events.rules)
2823272 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Nov
15 2016 (current_events.rules)
2823362 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish M1 Nov 18
2016 (current_events.rules)
2823969 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Dec 20 2016
(current_events.rules)
2824108 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M1 Dec 29 2016
(current_events.rules)
2824109 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M2 Dec 29 2016
(current_events.rules)
2824110 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M3 Dec 29 2016
(current_events.rules)
2824111 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M4 Dec 29 2016
(current_events.rules)

Date:
Summary title:
49 new OPEN, 75 new PRO (49 + 26) MALWARECAT, Android GolfSpy, JsoutProx Activity, chMiner/RAT and VARIOUS PHISH.