[***] Summary: [***]

37 new OPEN, 63 new PRO (37 + 26): Bazar Backdoor,
Trojan:Script/Phonzy.A!ml, Raccoon Stealer, and VARIOUS PHISHING

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032277 - ET CURRENT_EVENTS Successful UK Tax Phishing M1 2016-02-01
(current_events.rules)
2032278 - ET CURRENT_EVENTS Successful UK Tax Phishing M2 2016-02-01
(current_events.rules)
2032279 - ET CURRENT_EVENTS Successful Apple Phishing M1 2016-03-01
(current_events.rules)
2032280 - ET CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M1 2016-03-29 (current_events.rules)
2032281 - ET CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M2 2016-03-29 (current_events.rules)
2032282 - ET CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M3 2016-03-29 (current_events.rules)
2032283 - ET CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M4 2016-03-29 (current_events.rules)
2032284 - ET CURRENT_EVENTS Successful Dropbox Phish 2016-05-16
(current_events.rules)
2032285 - ET CURRENT_EVENTS Successful Webmail Phish M2 2016-06-22
(current_events.rules)
2032286 - ET CURRENT_EVENTS Successful Webmail Phish M3 2016-06-22
(current_events.rules)
2032287 - ET CURRENT_EVENTS Successful Outlook Phish 2016-07-14
(current_events.rules)
2032288 - ET CURRENT_EVENTS Successful Blocked Email Account Phish M1
2016-08-23 (current_events.rules)
2032289 - ET CURRENT_EVENTS Successful Canada Revenue Agency Phish
2016-08-30 (current_events.rules)
2032290 - ET CURRENT_EVENTS Successful Barclays Phish M1 2016-09-09
(current_events.rules)
2032291 - ET CURRENT_EVENTS Successful Barclays Phish M2 2016-09-09
(current_events.rules)
2032292 - ET CURRENT_EVENTS Successful Barclays Phish M3 2016-09-09
(current_events.rules)
2032293 - ET CURRENT_EVENTS Possible Successful Banking Phish (BR)
2016-09-29 (current_events.rules)
2032294 - ET CURRENT_EVENTS Successful Bank of America Phish 2016-10-03
(current_events.rules)
2032295 - ET CURRENT_EVENTS Successful Barclays Phish M1 2016-10-06
(current_events.rules)
2032296 - ET CURRENT_EVENTS Successful Barclays Phish M2 2016-10-06
(current_events.rules)
2032297 - ET CURRENT_EVENTS Successful CenturyLink Phish 2016-10-12
(current_events.rules)
2032298 - ET CURRENT_EVENTS Successful Chase Phish M1 2016-10-17
(current_events.rules)
2032299 - ET CURRENT_EVENTS Successful Chase Phish M2 2016-10-17
(current_events.rules)
2032300 - ET CURRENT_EVENTS Successful Bank of America Phish M2 2016-10-21
(current_events.rules)
2032301 - ET CURRENT_EVENTS Successful Bank of America Phish M1 2016-10-27
(current_events.rules)
2032302 - ET CURRENT_EVENTS Successful Bank of America Phish M2 2016-10-27
(current_events.rules)
2032303 - ET CURRENT_EVENTS Successful Bank of America Phish M3 2016-10-27
(current_events.rules)
2032304 - ET CURRENT_EVENTS Successful Bank of America Phish M4 2016-10-27
(current_events.rules)
2032305 - ET CURRENT_EVENTS Successful Bank of America Phish M1 2016-11-23
(current_events.rules)
2032306 - ET CURRENT_EVENTS Successful Bank of America Phish M2 2016-11-23
(current_events.rules)
2032307 - ET CURRENT_EVENTS Successful Chase Phish M2 2016-12-07
(current_events.rules)
2032308 - ET CURRENT_EVENTS Successful Banco Itau (BR) Phish M1 2016-12-08
(current_events.rules)
2032309 - ET CURRENT_EVENTS Successful Banco Itau (BR) Phish M2 2016-12-08
(current_events.rules)
2032310 - ET CURRENT_EVENTS Successful Banque Populaire (FR) Phish
2016-12-12 (current_events.rules)
2032311 - ET CURRENT_EVENTS Successful Chase Phish 2016-12-16
(current_events.rules)
2032312 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(nameyourcatlikeshedeserved .top) (trojan.rules)
2032313 - ET TROJAN Observed Malicious SSL Cert (Bazar Backdoor)
(trojan.rules)

Pro:

2847739 - ETPRO TROJAN Observed Win32/Unk.Loader Domain Domain in TLS SNI
(trojan.rules)
2847740 - ETPRO TROJAN Trojan:Script/Phonzy.A!ml CnC Activity M2
(trojan.rules)
2847741 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 1) (trojan.rules)
2847742 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 2) (trojan.rules)
2847743 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 3) (trojan.rules)
2847744 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 4) (trojan.rules)
2847745 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 5) (trojan.rules)
2847746 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 6) (trojan.rules)
2847747 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 7) (trojan.rules)
2847748 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 8) (trojan.rules)
2847749 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 9) (trojan.rules)
2847750 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 10) (trojan.rules)
2847751 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 11) (trojan.rules)
2847752 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 12) (trojan.rules)
2847753 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-23 13) (trojan.rules)
2847754 - ETPRO CURRENT_EVENTS Successful Carrefour PASS Phish 2021-03-23
(current_events.rules)
2847755 - ETPRO CURRENT_EVENTS Successful OLX Phish 2021-03-23
(current_events.rules)
2847756 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish 2021-03-23
(current_events.rules)
2847757 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2021-03-23
(current_events.rules)
2847758 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2021-03-23 (current_events.rules)
2847759 - ETPRO CURRENT_EVENTS Successful USPS Phish 2021-03-23
(current_events.rules)
2847760 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2021-03-23
(current_events.rules)
2847761 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-03-23
(current_events.rules)
2847762 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-03-23
(current_events.rules)
2847763 - ETPRO TROJAN NSIS/TrojanDropper.Agent.DY CnC Activity
(trojan.rules)
2847764 - ETPRO TROJAN Trojan:Script/Phonzy.A!ml CnC Activity M1
(trojan.rules)

[///] Modified active rules: [///]

2007616 - ET MALWARE klm123.com Spyware User Agent (malware.rules)
2842556 - ETPRO TROJAN VB.Trojan.Valyri CnC Activity M2 (trojan.rules)
2847713 - ETPRO TROJAN AsyncRAT Style CnC Server SSL Cert (trojan.rules)

[---] Removed rules: [---]

2816019 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing M1 Feb 01 2016
(current_events.rules)
2816020 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing M2 Feb 01 2016
(current_events.rules)
2816451 - ETPRO CURRENT_EVENTS Successful Apple Phishing M1 Mar 1 2016
(current_events.rules)
2816791 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M1 Mar 29 2016 (current_events.rules)
2816792 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M2 Mar 29 2016 (current_events.rules)
2816793 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M3 Mar 29 2016 (current_events.rules)
2816794 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M4 Mar 29 2016 (current_events.rules)
2820237 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 16 2016
(current_events.rules)
2820833 - ETPRO CURRENT_EVENTS Successful Webmail Phish M2 Jun 22 2016
(current_events.rules)
2820834 - ETPRO CURRENT_EVENTS Successful Webmail Phish M3 Jun 22 2016
(current_events.rules)
2821137 - ETPRO CURRENT_EVENTS Successful Outlook Phish Jul 14 2016
(current_events.rules)
2821799 - ETPRO CURRENT_EVENTS Successful Blocked Email Account Phish M1
Aug 23 2016 (current_events.rules)
2821916 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug
30 2016 (current_events.rules)
2822069 - ETPRO CURRENT_EVENTS Successful Barclays Phish M1 Sept 9 2016
(current_events.rules)
2822070 - ETPRO CURRENT_EVENTS Successful Barclays Phish M2 Sept 9 2016
(current_events.rules)
2822071 - ETPRO CURRENT_EVENTS Successful Barclays Phish M3 Sept 9 2016
(current_events.rules)
2822316 - ETPRO CURRENT_EVENTS Possible Successful Banking Phish (BR) Sept
28 2017 (current_events.rules)
2822348 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 3 2016
(current_events.rules)
2822432 - ETPRO CURRENT_EVENTS Successful Barclays Phish M1 Oct 06 2016
(current_events.rules)
2822433 - ETPRO CURRENT_EVENTS Successful Barclays Phish M2 Oct 06 2016
(current_events.rules)
2822593 - ETPRO CURRENT_EVENTS Successful CenturyLink Phish Oct 12 2016
(current_events.rules)
2822669 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Oct 17 2016
(current_events.rules)
2822670 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Oct 17 2016
(current_events.rules)
2822812 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 21
2016 (current_events.rules)
2822945 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 26
2016 (current_events.rules)
2822946 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 26
2016 (current_events.rules)
2822947 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M3 Oct 26
2016 (current_events.rules)
2822948 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M4 Oct 26
2016 (current_events.rules)
2823438 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Nov 22
2016 (current_events.rules)
2823439 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Nov 22
2016 (current_events.rules)
2823670 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 07 2016 M2
(current_events.rules)
2823691 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M1 Dec 08
2016 (current_events.rules)
2823692 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M2 Dec 08
2016 (current_events.rules)
2823777 - ETPRO CURRENT_EVENTS Successful Banque Populaire (FR) Phish Dec
12 2016 (current_events.rules)
2823932 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 16 2016
(current_events.rules)
