[***] Summary: [***]
7 new OPEN, 16 new PRO (7 + 9). Raccoon Stealer, Remcos 3.x,
AsyncRAT, Others.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032771 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain (youareperfect2day .top in TLS SNI) (trojan.rules)
2032772 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain (mindbreaker .top in TLS SNI) (trojan.rules)
2032773 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain (attentionmagnet .top in TLS SNI) (trojan.rules)
2032774 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised Server (web_client.rules)
2032775 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised Server (web_server.rules)
2032776 - ET TROJAN Remocs 3.x Unencrypted Checkin (trojan.rules)
2032777 - ET TROJAN Remocs 3.x Unencrypted Server Response (trojan.rules)
Pro:
2848216 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848217 - ETPRO TROJAN Unk.MalDoc CnC Exfil (trojan.rules)
2848218 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848219 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-16 1) (trojan.rules)
2848220 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-16 2) (trojan.rules)
2848221 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-16 3) (trojan.rules)
2848222 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-16 4) (trojan.rules)
2848223 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2021-04-16 (current_events.rules)
2848224 - ETPRO TROJAN Win64/Agent.ANJ CnC Activity (trojan.rules)
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team