[***] Summary: [***]

9 new OPEN, 24 new PRO (9 + 15) Win32/FileThief, Cobalt Strike, MageCart, VenusLocker, AsyncRAT

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032962 - ET EXPLOIT Windows HTTP Protocol Stack UAF/RCE Inbound (CVE-2021-31166) (exploit.rules)
2032963 - ET TROJAN Observed Cobalt Strike CnC Domain (dimentos .com in TLS SNI) (trojan.rules)
2032964 - ET TROJAN Cobalt Strike Malleable C2 Profile (btn_bg) (trojan.rules)
2032965 - ET TROJAN Cobalt Strike Malleable C2 Profile (__session__id Cookie) (malware.rules)
2032966 - ET TROJAN Cobalt Strike Malleable C2 Profile (bg) (trojan.rules)
2032967 - ET TROJAN VenusLocker Associated User-Agent Activity (trojan.rules)
2032968 - ET TROJAN VenusLocker Activity (trojan.rules)
2032969 - ET TROJAN Observed MageCart Group 12 Domain (zolo .pw in TLS SNI) (trojan.rules)
2032970 - ET TROJAN Observed MageCart Group 12 Domain (pathc .space in TLS SNI) (trojan.rules)

Pro:

2848548 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848549 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848550 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848551 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848552 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848553 - ETPRO TROJAN Win32/FileThief CnC Exfil (trojan.rules)
2848554 - ETPRO TROJAN ELF/Mirai Variant CnC Checkin (trojan.rules)
2848555 - ETPRO TROJAN Cobalt Strike CnC Beacon (trojan.rules)
2848556 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-15 1) (trojan.rules)
2848557 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-15 2) (trojan.rules)
2848558 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-15 3) (trojan.rules)
2848559 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-15 4) (trojan.rules)
2848560 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-15 5) (trojan.rules)
2848561 - ETPRO TROJAN Win32/Refinka.vho CnC Checkin (trojan.rules)
2848562 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-05-17 (current_events.rules)

[///] Modified active rules: [///]

2838023 - ETPRO TROJAN Win32/SafeNewTab Activity (trojan.rules)

[---] Removed rules: [---]

2848543 - ETPRO MALWARE Win32/LoadMoney Submitting System Info to CnC (malware.rules)
