Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/03/30

[***] Summary: [***]

8 new OPEN, 34 new PRO (8 + 26). CVE-2021-26877/26897, GCleaner
Downloader, Cobalt Strike Beacon, Android Spy
ConstantYummy, AsyncRAT, Win32/Ciadoor, Coinminers, VARIOUS PHISH.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032347 - ET EXPLOIT Windows DNS Server RCE Attempt Inbound
(CVE-2021-26877) (exploit.rules)
2032348 - ET EXPLOIT Windows DNS Server RCE Attempt Inbound
(CVE-2021-26897) (exploit.rules)
2032349 - ET TROJAN GCleaner Downloader Activity M1 (trojan.rules)
2032350 - ET TROJAN GCleaner Downloader Activity M2 (trojan.rules)
2032351 - ET TROJAN GCleaner Downloader Activity M3 (trojan.rules)
2032352 - ET TROJAN Campo Loader Activity (GET) (trojan.rules)
2032353 - ET TROJAN Cobalt Strike Beacon (Amazon Profile) M2
(trojan.rules)
2032354 - ET TROJAN Cobalt Strike Beacon (Bing Profile) (trojan.rules)

Pro:

2847886 - ETPRO MOBILE_MALWARE Android Spy ConstantYummy Checkin
(mobile_malware.rules)
2847887 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847888 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847889 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847890 - ETPRO CURRENT_EVENTS Successful Saudi Post Phish 2021-03-30
(current_events.rules)
2847891 - ETPRO CURRENT_EVENTS Successful Idaho Central Credit Union
Phish 2021-03-30 (current_events.rules)
2847892 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2021-03-30 (current_events.rules)
2847893 - ETPRO CURRENT_EVENTS Successful TSB Bank Phish 2021-03-30
(current_events.rules)
2847894 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-03-30
(current_events.rules)
2847895 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2021-03-30
(current_events.rules)
2847896 - ETPRO CURRENT_EVENTS Successful Chase Bank Phish 2021-03-30
(current_events.rules)
2847897 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2021-03-30
(current_events.rules)
2847898 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2021-03-30
(current_events.rules)
2847899 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2021-03-30
(current_events.rules)
2847900 - ETPRO CURRENT_EVENTS Successful Bancolumbia Phish 2021-03-30
(current_events.rules)
2847901 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2021-03-30
(current_events.rules)
2847902 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2021-03-30
(current_events.rules)
2847903 - ETPRO CURRENT_EVENTS Successful Bank of America EDD Debit Card
Phish 2021-03-30 (current_events.rules)
2847904 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-03-30
(current_events.rules)
2847905 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-03-30
(current_events.rules)
2847906 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-30 1) (trojan.rules)
2847907 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-30 2) (trojan.rules)
2847908 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-30 3) (trojan.rules)
2847909 - ETPRO MALWARE Win32/Ciadoor Variant CnC Activity (malware.rules)
2847910 - ETPRO MALWARE Win32/Unk Stealer CnC Activity (malware.rules)
2847912 - ETPRO TROJAN Observed Suspicious SSL Cert (testexample)
(trojan.rules)

Date:
Summary title:
8 new OPEN, 34 new PRO (8 + 26). CVE-2021-26877/26897, GCleaner Downloader, Cobalt Strike Beacon, Android Spy ConstantYummy, AsyncRAT, Win32/Ciadoor, Coinminers, VARIOUS PHISH.