Daily Ruleset Update Summary 2021/04/22

Daily Ruleset Update Summary

[***] Summary: [***]

1 new OPEN, 12 new PRO (1 + 11) Lunar Builder, Remcos, StormKitty and
Various CoinMiner.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032804 - ET TROJAN Lunar Builder Exfil via Discord (trojan.rules)

Pro:

2848279 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2848280 - ETPRO TROJAN Unk.Shellcode Loader Inbound (trojan.rules)
2848281 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2848282 - ETPRO TROJAN Win32/StormKitty Variant CnC Exfil (trojan.rules)
2848283 - ETPRO TROJAN Win32/DiscordWH.Stealer CnC Checkin (trojan.rules)
2848284 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-22 1) (trojan.rules)
2848285 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-22 2) (trojan.rules)
2848286 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-22 3) (trojan.rules)
2848287 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-22 4) (trojan.rules)
2848288 - ETPRO TROJAN Win32/Remcos RAT Checkin 705 (trojan.rules)
2848289 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2021-04-22
(current_events.rules)

[///] Modified active rules: [///]

2031445 - ET MOBILE_MALWARE Android Flubot / LIKEACHARM Stealer Exfil
(POST) (mobile_malware.rules)
2848272 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-21 1) (trojan.rules)

[---] Disabled and modified rules: [---]

2848197 - ETPRO TROJAN Win32/Woreflint Activity (POST) (trojan.rules)

Date:

Thursday, April 22, 2021

Summary title:

1 new OPEN, 12 new PRO (1 + 11) Lunar Builder, Remcos, StormKitty and Various CoinMiner.