[***] Summary: [***]
5 new OPEN, 32 new PRO (5 + 27). AsyncRAT, Win32/Woreflint, Raccoon
Stealer, Various Phish, Others.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032758 - ET INFO Suspicious Netlify Hosted GET Request - Possible Phishing Landing (info.rules)
2032759 - ET INFO Suspicious Netlify Hosted DNS Request - Possible Phishing Landing (info.rules)
2032760 - ET INFO Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing (info.rules)
2032761 - ET MALWARE Win32/Adware.Vonteera.M Variant CnC Activity (malware.rules)
2032762 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain (whatsthescore .top in TLS SNI) (trojan.rules)
Pro:
2848171 - ETPRO TROJAN RedLine - GetArguments Request (trojan.rules)
2848172 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848173 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848174 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848175 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848176 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848177 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848178 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848179 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-14 1) (trojan.rules)
2848180 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-14 2) (trojan.rules)
2848181 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-14 3) (trojan.rules)
2848182 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-14 4) (trojan.rules)
2848183 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2021-04-14 (current_events.rules)
2848184 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-04-14 (current_events.rules)
2848185 - ETPRO CURRENT_EVENTS Successful ANZ Phish 2021-04-14 (current_events.rules)
2848186 - ETPRO CURRENT_EVENTS Successful Etrade Phish 2021-04-14 (current_events.rules)
2848187 - ETPRO CURRENT_EVENTS Successful Generic Spox Phish 2021-04-14 (current_events.rules)
2848188 - ETPRO TROJAN Win32/Agent.UBJ Variant CnC Activity (trojan.rules)
2848189 - ETPRO CURRENT_EVENTS Successful Allianz Bank Phish 2021-04-14 (current_events.rules)
2848190 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2021-04-14 (current_events.rules)
2848191 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-04-14 (current_events.rules)
2848192 - ETPRO CURRENT_EVENTS Successful Paxful Phish 2021-04-14 (current_events.rules)
2848193 - ETPRO CURRENT_EVENTS Successful Square Phish 2021-04-14 (current_events.rules)
2848194 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-04-14 (current_events.rules)
2848196 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2021-04-14 (current_events.rules)
2848197 - ETPRO TROJAN Win32/Woreflint Activity (POST) (trojan.rules)
[///] Modified active rules: [///]
2811158 - ETPRO TROJAN Win32/MewsSpy.AE CnC Activity (trojan.rules)
2848169 - ETPRO TROJAN HyperBro CnC Activity (trojan.rules)
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team