[***] Summary: [***]

7 new OPEN, 32 new PRO (7 + 25) Bizarro Banker, Silber Implant,
NightfallGT Discord Malwares, Android/Agent.BQX, and DarkNexus.

Thanks @thingzeye

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032996 - ET TROJAN Observed Silver Implant Domain (raspoly .biz in TLS SNI) (trojan.rules)
2032997 - ET TROJAN Observed Malicious SSL Cert (Silver Implant) (trojan.rules)
2032998 - ET TROJAN Suspected Bizarro Banker Activity (POST) (trojan.rules)
2032999 - ET TROJAN NightfallGT Discord Token Grabber (trojan.rules)
2033000 - ET TROJAN NightfallGT Discord Nitro Ransomware (trojan.rules)
2033001 - ET CURRENT_EVENTS Possible Phishing Landing Page 2021-05-18 (current_events.rules)
2033002 - ET POLICY Baidu Spider Webcrawler User Agent - inbound (policy.rules)

Pro:

2848589 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 70 (mobile_malware.rules)
2848590 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 71 (mobile_malware.rules)
2848591 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 72 (mobile_malware.rules)
2848592 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 73 (mobile_malware.rules)
2848593 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 74 (mobile_malware.rules)
2848594 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 75 (mobile_malware.rules)
2848595 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 76 (mobile_malware.rules)
2848596 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 77 (mobile_malware.rules)
2848597 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 78 (mobile_malware.rules)
2848598 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 79 (mobile_malware.rules)
2848599 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 80 (mobile_malware.rules)
2848600 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 81 (mobile_malware.rules)
2848601 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 82 (mobile_malware.rules)
2848602 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 83 (mobile_malware.rules)
2848603 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848604 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848605 - ETPRO TROJAN Bandook TCP CnC Beacon Keep-Alive (Inbound) (trojan.rules)
2848606 - ETPRO TROJAN ELF/DarkNexus CnC Beacon Keep-Alive (Outbound) (trojan.rules)
2848607 - ETPRO TROJAN ELF/DarkNexus CnC Beacon Keep-Alive (Inbound) (trojan.rules)
2848608 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-18 1) (trojan.rules)
2848609 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-18 2) (trojan.rules)
2848610 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-18 3) (trojan.rules)
2848611 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-18 4) (trojan.rules)
2848612 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-18 5) (trojan.rules)
2848613 - ETPRO CURRENT_EVENTS Successful CIBC Bank Phish 2021-05-19 (current_events.rules)

[///] Modified active rules: [///]

2013254 - ET TROJAN Yandexbot Request Outbound (trojan.rules)
2032936 - ET TROJAN Suspected Sliver DNS CnC (trojan.rules)

[///] Modified inactive rules: [///]

2013253 - ET POLICY Yandexbot Request Inbound (policy.rules)
