[***] Summary: [***]

7 new OPEN, 42 new PRO (7 + 35) Vantage RCE, Hakistan Keylogger,
HiddenTears Ransomware and VARIOUS PHISHING.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032314 - ET EXPLOIT Possible Vantage Velocity Field Unit RCE Inbound
(CVE-2020-9020) (exploit.rules)
2032315 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(onthewire1 .top) (trojan.rules)
2032316 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(companyllc .top) (trojan.rules)
2032317 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(rpirpiwhyyouleaveyourhorse .top) (trojan.rules)
2032318 - ET TROJAN Suspected Jobcrypter Ransomware Exfil (SMTP)
(trojan.rules)
2032319 - ET TROJAN Win32/Girostat Stealer (POST) (trojan.rules)
2032320 - ET TROJAN HiddenTears Ransomware Activity (GET) (trojan.rules)

Pro:

2847765 - ETPRO MOBILE_MALWARE Trojan/Android.SpyAgent.882726 Checkin
(mobile_malware.rules)
2847766 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Masplot.a
Reporting Installed Apps (mobile_malware.rules)
2847767 - ETPRO MOBILE_MALWARE Possible Android Joker (DNS Lookup)
(mobile_malware.rules)
2847768 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BPG Reporting Contact
List (mobile_malware.rules)
2847769 - ETPRO TROJAN Observed Win32/Elysium Variant CnC Domain in TLS
SNI (trojan.rules)
2847770 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-24 1) (trojan.rules)
2847771 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-24 2) (trojan.rules)
2847772 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-24 3) (trojan.rules)
2847773 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-24 4) (trojan.rules)
2847774 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-24 5) (trojan.rules)
2847775 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-24 6) (trojan.rules)
2847776 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-24 7) (trojan.rules)
2847777 - ETPRO CURRENT_EVENTS Successful Regions Bank Phish 2021-03-24
(current_events.rules)
2847778 - ETPRO CURRENT_EVENTS Successful USPS Phish 2021-03-24
(current_events.rules)
2847779 - ETPRO CURRENT_EVENTS Successful Compromised Wordpress Microsoft
Account Phish 2021-03-24 (current_events.rules)
2847780 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-03-24
(current_events.rules)
2847781 - ETPRO CURRENT_EVENTS Successful BRB Banco de Brasilia Phish
2021-03-24 (current_events.rules)
2847782 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2021-03-24
(current_events.rules)
2847783 - ETPRO CURRENT_EVENTS Successful Generic Webmail Session Expired
Phish 2021-03-24 (current_events.rules)
2847784 - ETPRO CURRENT_EVENTS Successful Credit Agricole FR Phish
2021-03-24 (current_events.rules)
2847785 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2021-03-24
(current_events.rules)
2847786 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2021-03-24
(current_events.rules)
2847787 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-03-24
(current_events.rules)
2847788 - ETPRO CURRENT_EVENTS Successful SF Express Phish 2021-03-24
(current_events.rules)
2847789 - ETPRO CURRENT_EVENTS Successful Generic Cloned Website Phish
2021-03-24 (current_events.rules)
2847790 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2021-03-24
(current_events.rules)
2847791 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2021-03-24
(current_events.rules)
2847792 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2021-03-24
(current_events.rules)
2847793 - ETPRO TROJAN Snake Keylogger Reporting Infection via SMTP
(trojan.rules)
2847794 - ETPRO MOBILE_MALWARE Hakistan Keylogger Reporting Infection via
SMTP (mobile_malware.rules)
2847795 - ETPRO TROJAN BAT/PSW.Agent.CS Reporting Infection via SMTP
(trojan.rules)
2847796 - ETPRO TROJAN THRALL Reporting Infection via SMTP (trojan.rules)
2847797 - ETPRO TROJAN Win32/Spy.Banker.ABIP Variant Reporting Infection
via SMTP (trojan.rules)
2847798 - ETPRO TROJAN Ardamax Keylogger Reporting Infection via SMTP
(trojan.rules)
2847799 - ETPRO TROJAN Win32/Remcos RAT Checkin 695 (trojan.rules)

[///] Modified active rules: [///]

2026825 - ET TROJAN Atom Logger exfil via SMTP (trojan.rules)
2838106 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 16 (trojan.rules)
2847713 - ETPRO TROJAN AsyncRAT Style CnC Server SSL Cert (trojan.rules)
