[***] Summary: [***]
6 new OPEN, 43 new PRO (6 + 37). DriverPack, CVE-2021-3449, Cobalt Strike, Various Android/Agent.BQ, AsyncRAT, Win32/Stealer.yec, Win32/Delf.BML, Various RedLine, Coinminers, VARIOUS PHISH.
tks: @z0ul_ and @MichalKoczwara
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032357 - ET MALWARE DriverPack Domain in DNS Query (malware.rules)
2032358 - ET EXPLOIT Possible OpenSSL TLSv1.2 DoS Inbound (CVE-2021-3449) (exploit.rules)
2032359 - ET INFO Terse Request for EXE from DigitalOcean Spaces (info.rules)
2032360 - ET TROJAN Cobalt Strike Beacon Activity (trojan.rules)
2032361 - ET TROJAN WebMonitor/RevCode RAT CnC Domain in DNS Lookup (trojan.rules)
2032362 - ET TROJAN Cobalt Strike Beacon Activity (trojan.rules)
Pro:
2847943 - ETPRO MOBILE_MALWARE Android Piom Checkin (mobile_malware.rules)
2847944 - ETPRO MOBILE_MALWARE Android.Smforw.ff Checkin (mobile_malware.rules)
2847945 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.wj Checkin (mobile_malware.rules)
2847946 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) (mobile_malware.rules)
2847947 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 2 (mobile_malware.rules)
2847948 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 3 (mobile_malware.rules)
2847949 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 113 (mobile_malware.rules)
2847950 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 4 (mobile_malware.rules)
2847951 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 5 (mobile_malware.rules)
2847952 - ETPRO CURRENT_EVENTS Possible PII Phish Cabanova Hosted 2021-04-01 (current_events.rules)
2847953 - ETPRO INFO HTTP 200 Stat Code with 404 in Body (info.rules)
2847954 - ETPRO TROJAN Cobalt Strike Malleable C2 (Unknown Profile) (trojan.rules)
2847955 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847956 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847957 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847958 - ETPRO CURRENT_EVENTS Successful Regions Bank Phish 2021-04-01 (current_events.rules)
2847959 - ETPRO CURRENT_EVENTS Possible PII Phish Cabanova Hosted 2021-04-01 (current_events.rules)
2847960 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-04-01 (current_events.rules)
2847961 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-01 1) (trojan.rules)
2847962 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-01 2) (trojan.rules)
2847963 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-01 3) (trojan.rules)
2847964 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-04-01 (current_events.rules)
2847965 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-04-01 (current_events.rules)
2847966 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-04-01 (current_events.rules)
2847967 - ETPRO TROJAN Win32/Delf.BML Variant Heartbeat CnC Activity (trojan.rules)
2847968 - ETPRO TROJAN Win32/Delf.BML Variant Server Listing CnC Activity (trojan.rules)
2847969 - ETPRO TROJAN Win32/Delf.BML Variant CnC Activity (trojan.rules)
2847970 - ETPRO TROJAN MSIL/Agent.UL Variant CnC Initial Host Checkin (trojan.rules)
2847971 - ETPRO TROJAN MSIL/Agent.UL Variant CnC Activity (trojan.rules)
2847972 - ETPRO TROJAN Win32/Stealer.yec CnC Activity M1 (trojan.rules)
2847973 - ETPRO TROJAN Win32/Stealer.yec CnC Activity M2 (trojan.rules)
2847974 - ETPRO TROJAN RedLine - RequestSession (trojan.rules)
2847975 - ETPRO TROJAN RedLine - SubmitSession (trojan.rules)
2847976 - ETPRO TROJAN RedLine - RequestUpdates (trojan.rules)
2847977 - ETPRO TROJAN Observed Elysium Variant CnC Domain (powerins3rts .xyz in TLS SNI) (trojan.rules)
2847978 - ETPRO TROJAN Win32/Remcos RAT Checkin 701 (trojan.rules)
2847979 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
[---] Disabled rules: [---]
2032343 - ET TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
2836902 - ETPRO TROJAN Suspected APT33 Spearphishing Related DNS Lookup (trojan.rules)
2847942 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)