[***] Summary: [***]
12 new OPEN, 28 new PRO (12 + 16) STEADYPULSE Webshell, Ursnif, AsyncRAT and 44 Caliber Stealer
Thanks @ThingzEye!
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032792 - ET INFO Observed DNS Query to DDNS Domain .myfirewall .org (info.rules)
2032793 - ET TROJAN Unk.PSAttack Activity (trojan.rules)
2032794 - ET TROJAN Likely Evil Request for uac.exe With Minimal Headers (trojan.rules)
2032795 - ET CURRENT_EVENTS Observed DNS Query to Phishing Domain (apiujpnkbrhsdn57oi0ns0qmbaj0wcdzjhblj6frlh1tr .eur .lc) (current_events.rules)
2032796 - ET CURRENT_EVENTS Observed DNS Query to Phishing Domain (hombreymaquina .com) (current_events.rules)
2032797 - ET CURRENT_EVENTS Observed DNS Query to Phishing Domain (igconsulting. pe) (current_events.rules)
2032798 - ET TROJAN Observed DNS Query to Ursnif CnC Domain (vorulenuke. us) (trojan.rules)
2032799 - ET TROJAN Observed DNS Query to Ursnif CnC Domain (horulenuke .us) (trojan.rules)
2032800 - ET TROJAN Possible STEADYPULSE Webshell Accessed M2 (trojan.rules)
2032801 - ET TROJAN Possible STEADYPULSE Webshell Accessed M1 (trojan.rules)
2032802 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain (gimmegimmejimmy .top in TLS SNI) (trojan.rules)
2032803 - ET TROJAN 44 Caliber Stealer Data Exfil via Discord (trojan.rules)
Pro:
2848263 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 20 (mobile_malware.rules)
2848264 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 21 (mobile_malware.rules)
2848265 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 22 (mobile_malware.rules)
2848266 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 23 (mobile_malware.rules)
2848267 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 24 (mobile_malware.rules)
2848268 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 25 (mobile_malware.rules)
2848269 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 26 (mobile_malware.rules)
2848270 - ETPRO INFO Observed POST Request Containing SQLite Database (info.rules)
2848271 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848272 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-21 1) (trojan.rules)
2848273 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-21 2) (trojan.rules)
2848274 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-21 3) (trojan.rules)
2848275 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-21 4) (trojan.rules)
2848276 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-04-21 (current_events.rules)
2848277 - ETPRO CURRENT_EVENTS Successful BoA Phish 2021-04-21 (current_events.rules)
2848278 - ETPRO CURRENT_EVENTS Successful Tangerine Phish 2021-04-21 (current_events.rules)
[---] Disabled rules: [---]
2824544 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit CnC) (trojan.rules)