Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/03/26

[***] Summary: [***]

7 new OPEN, 28 new PRO (7 + 21). Various Stealers, Cobalt Strike,
BazaLoader, Various PHISH.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032333 - ET MALWARE X-Files Stealer CnC Exfil Activity (malware.rules)
2032334 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(videomart .top) (trojan.rules)
2032335 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2032336 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2032337 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2032338 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2032339 - ET TROJAN Cobalt Strike Beacon Activity (Wordpress
Profile) (trojan.rules)

Pro:

2847830 - ETPRO INFO Suspicious POST to .exe Without Referer (info.rules)
2847831 - ETPRO TROJAN BazaLoader MalDoc CnC Checkin (trojan.rules)
2847832 - ETPRO TROJAN BazaLoader MalDoc Retrieving Payload (trojan.rules)
2847833 - ETPRO TROJAN Observed Malicious SSL Cert (BazaLoader CnC)
(trojan.rules)
2847834 - ETPRO USER_AGENTS Obvserved Suspicious User-Agent
(user_agents.rules)
2847835 - ETPRO TROJAN BazaLoader CnC Activity (trojan.rules)
2847836 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847837 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847838 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847839 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847840 - ETPRO CURRENT_EVENTS Successful Liberbank Phish 2021-03-26
(current_events.rules)
2847841 - ETPRO CURRENT_EVENTS Successful SMBC JP Phish 2021-03-26
(current_events.rules)
2847842 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2021-03-26 (current_events.rules)
2847843 - ETPRO CURRENT_EVENTS Successful Generic Email Update Phish
2021-03-26 (current_events.rules)
2847844 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-26 1) (trojan.rules)
2847845 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-26 2) (trojan.rules)
2847846 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-26 3) (trojan.rules)
2847847 - ETPRO MALWARE Win32/Spy.Delf.OPR Variant CnC Activity
(malware.rules)
2847848 - ETPRO TROJAN MSIL/PSW.Agent.QIM Variant Reporting
Infection via SMTP (trojan.rules)
2847849 - ETPRO TROJAN IM-CHEATER Stealer Reporting Logs via SMTP
(trojan.rules)
2847850 - ETPRO TROJAN Unknown PL Stealer Reporting Logs via SMTP
(trojan.rules)

Date:
Summary title:
7 new OPEN, 28 new PRO (7 + 21). Various Stealers, Cobalt Strike, BazaLoader, Various PHISH.