[***] Summary: [***]
8 new OPEN, 24 new PRO (8 + 16). DarkSide, SombRAT, CobaltStrike, Others.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032937 - ET TROJAN Unk.CoinMiner Loader Checkin (trojan.rules)
2032938 - ET USER_AGENTS Non-standard User-Agent (PATCHER) (user_agents.rules)
2032939 - ET TROJAN Observed DarkSide Ransomware Domain (catsdegree .com in TLS SNI) (trojan.rules)
2032940 - ET TROJAN Observed DarkSide Ransomware Domain (temisleyes .com in TLS SNI) (trojan.rules)
2032941 - ET TROJAN Observed DarkSide Ransomware Domain (rumahsia .com in TLS SNI) (trojan.rules)
2032942 - ET TROJAN Suspected SombRAT DNS Activity (TXT) (trojan.rules)
2032943 - ET TROJAN Cobalt Strike Beacon Activity (UNC2447) (trojan.rules)
2032944 - ET TROJAN Cobalt Strike Beacon Activity (UNC2447) (trojan.rules)
Pro:
2848474 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 45 (mobile_malware.rules)
2848475 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 46 (mobile_malware.rules)
2848476 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 47 (mobile_malware.rules)
2848477 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 48 (mobile_malware.rules)
2848478 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 49 (mobile_malware.rules)
2848479 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 50 (mobile_malware.rules)
2848480 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.rv (TLS SNI) (mobile_malware.rules)
2848481 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 51 (mobile_malware.rules)
2848482 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 52 (mobile_malware.rules)
2848483 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848484 - ETPRO EXPLOIT Microsoft SharePoint RCE Inbound (CVE-2021-31181) (exploit.rules)
2848485 - ETPRO TROJAN Possible TA471 Malicious AutoIT File Upload M2 (trojan.rules)
2848486 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2021-05-11 (current_events.rules)
2848487 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2021-05-11 (current_events.rules)
2848488 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2021-05-11 (current_events.rules)
2848489 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
[///] Modified active rules: [///]
2032926 - ET INFO Possible Overflow Attempt - Abnormally Large SMTP EHLO Inbound (info.rules)
2846284 - ETPRO TROJAN DarkSide Ransomware CnC Activity (trojan.rules)
2847827 - ETPRO TROJAN Bitter SpyTrojan CnC Activity (trojan.rules)
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team