Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/05/14

[***] Summary: [***]

1 new OPEN, 14 new PRO (1 + 13). Meterpreter, AsyncRAT, TeaBot, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032961 - ET TROJAN Remote Desktop Spy Install Checkin (trojan.rules)

Pro:

2848535 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848536 - ETPRO TROJAN Win32/Sh1zo1der CnC Exfil (trojan.rules)
2848537 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-13 1) (trojan.rules)
2848538 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-13 2) (trojan.rules)
2848539 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-13 3) (trojan.rules)
2848540 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-13 4) (trojan.rules)
2848541 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-13 5) (trojan.rules)
2848542 - ETPRO MOBILE_MALWARE Android TeaBot/Cerberus Communicating
with CnC (mobile_malware.rules)
2848543 - ETPRO MALWARE Win32/LoadMoney Submitting System Info to
CnC (malware.rules)
2848544 - ETPRO TROJAN Meterpreter Payload Communicating with CnC
(trojan.rules)
2848545 - ETPRO USER_AGENTS Suspicious UA Observed (AsyncInet)
(user_agents.rules)
2848546 - ETPRO CURRENT_EVENTS Successful Credit Union West Phish
2021-05-14 (current_events.rules)
2848547 - ETPRO CURRENT_EVENTS Successful First Security Bank Phish
2021-05-14 (current_events.rules)

[///] Modified active rules: [///]

2032953 - ET TROJAN Cobalt Strike Malleable C2 (Unknown Profile)
(trojan.rules)
2846385 - ETPRO MOBILE_MALWARE Android TeaBot/Cerberus Checkin
(mobile_malware.rules)
2846386 - ETPRO MOBILE_MALWARE Android TeaBot/Cerberus Reporting
Installed Apps (mobile_malware.rules)

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team

Date:
Summary title:
1 new OPEN, 14 new PRO (1 + 13). Meterpreter, AsyncRAT, TeaBot, Others.