[***] Summary: [***]

6 new OPEN, 25 new PRO (6 + 19). CobaltStrike, Android/Agent.BQX,
CoinMiners, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032945 - ET TROJAN Cobalt Strike Beacon Observed (MASB UA) (trojan.rules)
2032946 - ET POLICY PCHunter CnC activity (policy.rules)
2032947 - ET TROJAN Ares Activity (POST) (trojan.rules)
2032948 - ET USER_AGENTS Observed Suspicious User-Agent (altera forma) (user_agents.rules)
2032949 - ET TROJAN Win32/Tnega Activity (GET) (trojan.rules)
2032950 - ET TROJAN Suspected Ares Loader Activity (GET) (trojan.rules)

Pro:

2848490 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 53 (mobile_malware.rules)
2848491 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 54 (mobile_malware.rules)
2848492 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 55 (mobile_malware.rules)
2848493 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 56 (mobile_malware.rules)
2848494 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 57 (mobile_malware.rules)
2848495 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 58 (mobile_malware.rules)
2848496 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 59 (mobile_malware.rules)
2848497 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 60 (mobile_malware.rules)
2848498 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 61 (mobile_malware.rules)
2848499 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 62 (mobile_malware.rules)
2848500 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-12 1) (trojan.rules)
2848501 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-12 2) (trojan.rules)
2848502 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-12 3) (trojan.rules)
2848503 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-12 4) (trojan.rules)
2848504 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-12 5) (trojan.rules)
2848505 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-12 6) (trojan.rules)
2848506 - ETPRO CURRENT_EVENTS Successful Expressbank Phish 2021-05-12 (current_events.rules)
2848507 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-05-12 (current_events.rules)
2848508 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish (current_events.rules)

[///] Modified active rules: [///]

2836270 - ETPRO TROJAN QuasarRAT/zgRAT C2 Activity (trojan.rules)
2847831 - ETPRO TROJAN Campo Loader CnC Checkin (trojan.rules)
2847834 - ETPRO USER_AGENTS Observed Suspicious User-Agent (user_agents.rules)

[---] Removed rules: [---]

2847298 - ETPRO TROJAN Ares Activity (POST) (trojan.rules)

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
