[***] Summary: [***]
12 new OPEN, 42 new PRO (12 + 30). Android Phantom, AsyncRAT, Cobalt
Strike, and various phishing.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032321 - ET CURRENT_EVENTS Observed CloudFlare Interstitial Phishing Page
(current_events.rules)
2032322 - ET CURRENT_EVENTS ANTIBOT Phishing Panel Accessed on Internal
Compromised Server (current_events.rules)
2032323 - ET CURRENT_EVENTS ANTIBOT Phishing Panel Accessed on External
Compromised Server (current_events.rules)
2032324 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External
Server (current_events.rules)
2032325 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal
Server (current_events.rules)
2032326 - ET EXPLOIT DD-WRT UPNP Unauthenticated Buffer Overflow
(CVE-2021-27137) (exploit.rules)
2032327 - ET TROJAN Win32/Adware.Agent.NSU CnC Activity M2 (trojan.rules)
2032328 - ET TROJAN MSIL/TrojanDownloader.Small.CLJ CnC Activity
(trojan.rules)
2032329 - ET TROJAN Konni Related Activity (trojan.rules)
2032330 - ET TROJAN Cobalt Strike Activity (trojan.rules)
2032331 - ET TROJAN Black KingDom Ransomware Related Activity
(trojan.rules)
2032332 - ET TROJAN Cobalt Strike Activity (trojan.rules)
Pro:
2847800 - ETPRO MOBILE_MALWARE Android Phantom Plugin CnC Beacon
(mobile_malware.rules)
2847801 - ETPRO MOBILE_MALWARE Android Phantom Plugin CnC Beacon 2
(mobile_malware.rules)
2847802 - ETPRO MOBILE_MALWARE Android Action Spy Checkin
(mobile_malware.rules)
2847803 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847804 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847805 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847806 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847807 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-25 1) (trojan.rules)
2847808 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-25 2) (trojan.rules)
2847809 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-25 3) (trojan.rules)
2847810 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-25 4) (trojan.rules)
2847811 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-25 5) (trojan.rules)
2847812 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-25 6) (trojan.rules)
2847813 - ETPRO CURRENT_EVENTS Successful Banco de Oro Phish 2021-03-25
(current_events.rules)
2847814 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2021-03-25 (current_events.rules)
2847815 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2021-03-25
(current_events.rules)
2847816 - ETPRO CURRENT_EVENTS Successful First American Title Phish
2021-03-25 (current_events.rules)
2847817 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2021-03-25
(current_events.rules)
2847818 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2021-03-25
(current_events.rules)
2847819 - ETPRO CURRENT_EVENTS Successful Custom Logo Outlook Phish
2021-03-25 (current_events.rules)
2847820 - ETPRO CURRENT_EVENTS Successful Regions Bank Phish 2021-03-25
(current_events.rules)
2847821 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2021-03-25 (current_events.rules)
2847822 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2021-03-25
(current_events.rules)
2847823 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2021-03-25
(current_events.rules)
2847824 - ETPRO CURRENT_EVENTS Successful RegioBank Phish 2021-03-25
(current_events.rules)
2847825 - ETPRO CURRENT_EVENTS Successful RegioBank Phish 2021-03-25
(current_events.rules)
2847826 - ETPRO CURRENT_EVENTS Successful Saudi Post Phish 2021-03-25
(current_events.rules)
2847827 - ETPRO TROJAN Win32/Spy.Agent.PVI Variant CnC Activity
(trojan.rules)
2847828 - ETPRO TROJAN Win32/Masson.A!ac CnC Activity M2 (trojan.rules)
2847829 - ETPRO TROJAN Win32/Remcos RAT Checkin 696 (trojan.rules)
[///] Modified active rules: [///]
2030588 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External
Server (current_events.rules)
2030589 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal
Server (current_events.rules)