[***] Summary: [***]

4 new OPEN, 10 new PRO (4 + 6). Win32/XRat.AT Variant, Buer -
DomainInfo, DarkSide Ransomware, RustyBuer Checkin, Coinminer, Phish.

Thanks: Jason Reaves

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032888 - ET TROJAN Win32/XRat.AT Variant CnC Activity (trojan.rules)
2032892 - ET MALWARE Buer - DomainInfo User-Agent (malware.rules)
2032893 - ET TROJAN Observed DNS Query to Buer - DomainInfo Domain (trojan.rules)
2032894 - ET TROJAN Observed DarkSide Ransomware Domain (baroquetees .com in TLS SNI) (trojan.rules)

Pro:

2848361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-30 1) (trojan.rules)
2848362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-30 2) (trojan.rules)
2848363 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-30 3) (trojan.rules)
2848364 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-30 4) (trojan.rules)
2848365 - ETPRO TROJAN RustyBuer Checkin (trojan.rules)
2848366 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-04-30 (current_events.rules)

[///] Modified active rules: [///]

2827715 - ETPRO TROJAN W32.Zenar HTTP Request Header (trojan.rules)

[---] Removed rules: [---]

2032888 - ET TELNET Win32/XRat.AT Variant CnC Activity (telnet.rules)
