[***] Summary: [***]

4 new OPEN, 32 new PRO (4 + 28). Kimsuky, Multiple Android, Remcos, Phish.

Thanks @Thingzeye

Due to a company holiday, there will not be a rule push tomorrow (May 7th).

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032920 - ET TROJAN Kimsuky APT CnC Domain in DNS Lookup (trojan.rules)
2032921 - ET TROJAN Kimsuky APT CnC Domain in DNS Lookup (trojan.rules)
2032922 - ET TROJAN Kimsuky APT CnC Domain in DNS Lookup (trojan.rules)
2032923 - ET MALWARE SuperAntiSpyware Install Checkin (malware.rules)

Pro:

2848429 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aiye Checkin
(mobile_malware.rules)
2848430 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 29
(mobile_malware.rules)
2848432 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 30
(mobile_malware.rules)
2848433 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 31
(mobile_malware.rules)
2848434 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 32
(mobile_malware.rules)
2848435 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 33
(mobile_malware.rules)
2848436 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 34
(mobile_malware.rules)
2848437 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 35
(mobile_malware.rules)
2848438 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 36
(mobile_malware.rules)
2848439 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 37
(mobile_malware.rules)
2848440 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 38
(mobile_malware.rules)
2848441 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 39
(mobile_malware.rules)
2848442 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 40
(mobile_malware.rules)
2848443 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 41
(mobile_malware.rules)
2848444 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 42
(mobile_malware.rules)
2848445 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 43
(mobile_malware.rules)
2848446 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 44
(mobile_malware.rules)
2848447 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848448 - ETPRO TROJAN Possible ELF/Various IoT Bot Style Device
Checkin (unknown) (trojan.rules)
2848449 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-06 1) (trojan.rules)
2848450 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-06 2) (trojan.rules)
2848451 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-06 3) (trojan.rules)
2848452 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-06 4) (trojan.rules)
2848453 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-06 5) (trojan.rules)
2848454 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-06 6) (trojan.rules)
2848455 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-06 7) (trojan.rules)
2848456 - ETPRO TROJAN Win32/Remcos RAT Checkin 708 (trojan.rules)
2848457 - ETPRO CURRENT_EVENTS Successful Santander Phish 2021-05-06
(current_events.rules)

[///] Modified active rules: [///]

2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2027189 - ET NETBIOS DCERPC DCOM ExecuteShellCommand Call - Likely
Lateral Movement (netbios.rules)
2825827 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-07 1) (trojan.rules)
2825828 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-07 2) (trojan.rules)
2826162 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 3) (trojan.rules)
2826163 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 4) (trojan.rules)
2826763 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-06-14 1) (trojan.rules)
2827236 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-19 5) (trojan.rules)
2827874 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 8) (trojan.rules)
2827879 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 13) (trojan.rules)
2828294 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-13 8) (trojan.rules)
2828437 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-26 7) (trojan.rules)
2828439 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-26 9) (trojan.rules)
2828596 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-09 4) (trojan.rules)
2828597 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-09 5) (trojan.rules)
2828619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-10 2) (trojan.rules)
2828729 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-30 1) (trojan.rules)
2828738 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-01 3) (trojan.rules)
2828739 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-01 3) (trojan.rules)
2828832 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-08 4) (trojan.rules)
2828834 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-08 6) (trojan.rules)
2828899 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-13 4) (trojan.rules)
2828909 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-15 2) (trojan.rules)
2828976 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-18 5) (trojan.rules)
2828977 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-18 6) (trojan.rules)
2829139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 9) (trojan.rules)
2829154 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 11) (trojan.rules)
2829162 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 17) (trojan.rules)
2829175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-04 6) (trojan.rules)
2829185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-05 3) (trojan.rules)
2829207 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-08 5) (trojan.rules)
2829211 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-08 9) (trojan.rules)
2829227 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-09 4) (trojan.rules)
2829256 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-11 2) (trojan.rules)
2829361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-19 4) (trojan.rules)
2829373 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-22 7) (trojan.rules)
2829390 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-23 3) (trojan.rules)
2829465 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-29 2) (trojan.rules)
2829559 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 10) (trojan.rules)
2829674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-14 2) (trojan.rules)
2829904 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-06 2) (trojan.rules)
2829982 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-12 4) (trojan.rules)
2830075 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-20 4) (trojan.rules)
2830104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-23 2) (trojan.rules)
2830170 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-28 3) (trojan.rules)
2830240 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-03 2) (trojan.rules)
2830241 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-03 3) (trojan.rules)
2830298 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-06 3) (trojan.rules)
2830320 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-09 3) (trojan.rules)
2830385 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-13 2) (trojan.rules)
2830416 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-16 6) (trojan.rules)
2830480 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-19 3) (trojan.rules)
2830525 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-23 4) (trojan.rules)
2830564 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-25 6) (trojan.rules)
2830583 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-25 5) (trojan.rules)
2830605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-27 4) (trojan.rules)
2830617 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-30 4) (trojan.rules)
2830621 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-30 8) (trojan.rules)
2830622 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-30 9) (trojan.rules)
2830663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-03 1) (trojan.rules)
2830665 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-03 3) (trojan.rules)
2830675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-03 13) (trojan.rules)
2830715 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 5) (trojan.rules)
2830718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 8) (trojan.rules)
2830719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 9) (trojan.rules)
2830725 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 15) (trojan.rules)
2830748 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-08 1) (trojan.rules)
2830749 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-08 2) (trojan.rules)
2830751 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-08 4) (trojan.rules)
2830769 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-09 1) (trojan.rules)
2830770 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-09 2) (trojan.rules)
2830774 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-09 6) (trojan.rules)
2830776 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-09 8) (trojan.rules)
2830796 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-10 3) (trojan.rules)
2830798 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-10 5) (trojan.rules)
2830832 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 3) (trojan.rules)
2830833 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 4) (trojan.rules)
2830834 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 5) (trojan.rules)
2830840 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 11) (trojan.rules)
2830841 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 12) (trojan.rules)
2830843 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 14) (trojan.rules)
2830856 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-15 4) (trojan.rules)
2830857 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-15 5) (trojan.rules)
2830862 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-15 9) (trojan.rules)
2830878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-16 4) (trojan.rules)
2830881 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-16 7) (trojan.rules)
2830916 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-18 2) (trojan.rules)
2830921 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-18 7) (trojan.rules)
2831020 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-24 2) (trojan.rules)
2831066 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-29 3) (trojan.rules)
2831067 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-29 4) (trojan.rules)
2831105 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-31 3) (trojan.rules)
2831126 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-01 5) (trojan.rules)
2831149 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-04 7) (trojan.rules)
2831173 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-06 5) (trojan.rules)
2831186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-07 2) (trojan.rules)
2831198 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-08 2) (trojan.rules)
2831213 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-11 9) (trojan.rules)
2831214 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-11 10) (trojan.rules)
2831263 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-13 3) (trojan.rules)
2831290 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-15 4) (trojan.rules)
2831313 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-18 10) (trojan.rules)
2831366 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-20 6) (trojan.rules)
2831514 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-02 7) (trojan.rules)
2831570 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-05 5) (trojan.rules)
2831578 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-05 13) (trojan.rules)
2831598 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-06 4) (trojan.rules)
2831633 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-09 1) (trojan.rules)
2831640 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-09 8) (trojan.rules)
2831762 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 5) (trojan.rules)
2831812 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-16 8) (trojan.rules)
2831852 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-17 2) (trojan.rules)
2831857 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-17 7) (trojan.rules)
2831858 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-17 8) (trojan.rules)
2832068 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-08-02 2) (trojan.rules)
2832158 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-08-13 2) (trojan.rules)
2832172 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-08-14 1) (trojan.rules)
2832173 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-08-14 2) (trojan.rules)
2832278 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-08-22 2) (trojan.rules)
2832509 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-09-10 5) (trojan.rules)
2832510 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-09-10 6) (trojan.rules)
2832511 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-09-10 7) (trojan.rules)
2832869 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-10-01 4) (trojan.rules)
2832911 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-10-02 2) (trojan.rules)
2833104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-10-15 8) (trojan.rules)
2833282 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-10-25 3) (trojan.rules)
2833374 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-10-31 6) (trojan.rules)
2833480 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-06 1) (trojan.rules)
2833629 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 6) (trojan.rules)
2833634 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 11) (trojan.rules)
2833638 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-26 15) (trojan.rules)
2833658 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-27 4) (trojan.rules)
2833688 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-28 2) (trojan.rules)
2833869 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-12-10 4) (trojan.rules)
2834139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-12-31 2) (trojan.rules)
2834597 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-01-28 2) (trojan.rules)
2834967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-02-21 9) (trojan.rules)
2834968 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-02-21 10) (trojan.rules)
2835947 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-04-19 2) (trojan.rules)
2836259 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-05-08 2) (trojan.rules)
2836560 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-05-29 1) (trojan.rules)
2836736 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-06-07 2) (trojan.rules)
2836930 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-06-19 1) (trojan.rules)
2837185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2019-07-02 4) (trojan.rules)
2840728 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-01-29 2) (trojan.rules)
2841702 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-25 1) (trojan.rules)
2842483 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-05-11 1) (trojan.rules)
2847322 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 6) (trojan.rules)
2847378 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 6) (trojan.rules)
2847460 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-05 2) (trojan.rules)
2847714 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-20 1) (trojan.rules)

[///] Modified inactive rules: [///]

2828996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-15 2) (trojan.rules)
2829160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 15) (trojan.rules)
