[***] Summary: [***]

5 new OPEN, 32 new PRO (5 + 27). Win32.Raccoon Stealer, PHP
Skimmer, AsyncRAT, Various CoinMiners, Win32/GoNmaes, Win32/Shelr.

Thanks: @rootprivilege

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032825 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain
(birdmilk .top in TLS SNI) (trojan.rules)
2032826 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain
(footballstar .top in TLS SNI) (trojan.rules)
2032827 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain
(stockme .top in TLS SNI) (trojan.rules)
2032828 - ET TROJAN PHP Skimmer CnC Domain in DNS Lookup
(secure-authorize .net) (trojan.rules)
2032829 - ET TROJAN PHP Skimmer Exfil Attempt (trojan.rules)

Pro:

2848298 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2848299 - ETPRO TROJAN Win32/Masslogger!ml CnC Exfil (trojan.rules)
2848300 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-24 1) (trojan.rules)
2848301 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-24 2) (trojan.rules)
2848302 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-24 3) (trojan.rules)
2848303 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-24 4) (trojan.rules)
2848304 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-24 5) (trojan.rules)
2848305 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M11
(trojan.rules)
2848306 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-25 1) (trojan.rules)
2848307 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-25 2) (trojan.rules)
2848308 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-25 3) (trojan.rules)
2848309 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-25 4) (trojan.rules)
2848310 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-25 5) (trojan.rules)
2848311 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-25 6) (trojan.rules)
2848312 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-25 7) (trojan.rules)
2848313 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-25 8) (trojan.rules)
2848314 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-25 9) (trojan.rules)
2848315 - ETPRO POLICY Suspicious Batch Set Obfuscation Inbound M1
(policy.rules)
2848316 - ETPRO TROJAN Win32/GoNmaes Submitting System Info to CnC
(trojan.rules)
2848317 - ETPRO INFO Suspicious AppData Local Temp File Upload in
Outbound POST (info.rules)
2848318 - ETPRO POLICY External IP Check (ip.dhcp.cn) (policy.rules)
2848319 - ETPRO TROJAN Win32/Remcos RAT Checkin 706 (trojan.rules)
2848322 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set)
(current_events.rules)
2848323 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish 2021-04-26
(current_events.rules)
2848324 - ETPRO TROJAN Win32/Shelr Sending System Information
(trojan.rules)

[///] Modified active rules: [///]

2838650 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M4
(trojan.rules)
