[***] Summary: [***]
13 new OPEN, 42 new PRO (13 + 29). StrongPity, Raccoon Stealer,
Ozone RAT, AsyncRAT, Various PHISH.
thanks: @BaoshengbinCumt
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032531 - ET INFO Observed POST to xsph .ru Domain (info.rules)
2032532 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2021-04-08 (current_events.rules)
2032533 - ET EXPLOIT Trend Micro IWSVA Unauthenticated Command Injection Inbound (CVE-2020-8466) (exploit.rules)
2032534 - ET TROJAN Observed StrongPity CnC Domain (hierarchicalfiles .com in TLS SNI) (trojan.rules)
2032535 - ET TROJAN Observed StrongPity CnC Domain (resolutionplatform .com in TLS SNI) (trojan.rules)
2032536 - ET TROJAN Observed StrongPity CnC Domain (pulmonyarea .com in TLS SNI) (trojan.rules)
2032537 - ET TROJAN Observed StrongPity CnC Domain (hardwareoption .com in TLS SNI) (trojan.rules)
2032538 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (shehootastayonwhatshelirned .top) (trojan.rules)
2032539 - ET TROJAN Observed StrongPity CnC Domain (applicationrepo .com in TLS SNI) (trojan.rules)
2032540 - ET TROJAN Observed StrongPity CnC Domain (uppertrainingtool .com in TLS SNI) (trojan.rules)
2032541 - ET TROJAN Observed StrongPity CnC Domain (hostoperationsystems .com in TLS SNI) (trojan.rules)
2032542 - ET TROJAN Ozone/Darktrack RAT Variant - Client Hello (set) (trojan.rules)
2032543 - ET TROJAN Ozone/Darktrack RAT Variant - Server Hello (trojan.rules)
Pro:
2848072 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848073 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848074 - ETPRO TROJAN Win32/DelfInject.PNH!MTB Activity (trojan.rules)
2848075 - ETPRO TROJAN W32/PSWSteal.VBMT64 CnC Activity (trojan.rules)
2848076 - ETPRO TROJAN W32/PSWSteal.VBMT64 CnC Activity (trojan.rules)
2848077 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 1) (trojan.rules)
2848078 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 2) (trojan.rules)
2848079 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 3) (trojan.rules)
2848080 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 4) (trojan.rules)
2848081 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 5) (trojan.rules)
2848082 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 6) (trojan.rules)
2848083 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 7) (trojan.rules)
2848084 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 8) (trojan.rules)
2848085 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 9) (trojan.rules)
2848086 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 10) (trojan.rules)
2848087 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 11) (trojan.rules)
2848088 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 12) (trojan.rules)
2848089 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 13) (trojan.rules)
2848090 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-08 14) (trojan.rules)
2848091 - ETPRO CURRENT_EVENTS Successful University of Delaware Phish 2021-04-08 (current_events.rules)
2848092 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2021-04-08 (current_events.rules)
2848093 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2021-04-08 (current_events.rules)
2848094 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2021-04-08 (current_events.rules)
2848095 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2021-04-08 (current_events.rules)
2848096 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2021-04-08 (current_events.rules)
2848097 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2021-04-08 (current_events.rules)
2848098 - ETPRO CURRENT_EVENTS Successful Likely Cryptocurrency Wallet 000webhosapp Hosted Phish 2021-04-08 (current_events.rules)
2848099 - ETPRO CURRENT_EVENTS Successful Metrobank Phish 2021-04-08 (current_events.rules)
2848100 - ETPRO TROJAN Win32/Remcos RAT Checkin 703 (trojan.rules)
[///] Modified active rules: [///]
2030565 - ET MALWARE Downer.B Variant Checkin (malware.rules)
2828283 - ETPRO TROJAN VJworm Checkin (trojan.rules)
2843817 - ETPRO TROJAN Loda Logger CnC Activity (trojan.rules)
2847936 - ETPRO TROJAN MSIL/BloodyStealer CnC Activity (trojan.rules)