Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/05/20

[***] Summary: [***]

9 new OPEN, 33 new PRO (9 + 24) SystemBC, Flubot,
AndroidOS.Jocker.de, Bandook and VARIOUS PHISHING.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032978 - ET SCAN Google Webcrawler User-Agent
(Mediapartners-Google) (scan.rules)
2032979 - ET SCAN Yandex Webcrawler User-Agent (YandexBot) (scan.rules)
2032980 - ET SCAN DuckDuckGo Webcrawler User-Agent (DuckDuckBot) (scan.rules)
2032981 - ET SCAN Bing Webcrawler User-Agent (BingBot) (scan.rules)
2032982 - ET SCAN Naver Webcrawler User-Agent (Naver.me) (scan.rules)
2033002 - ET SCAN Baidu Spider Webcrawler User Agent - inbound (scan.rules)
2033003 - ET MOBILE_MALWARE Android Flubot / LIKEACHARM Stealer
Exfil (POST) 3 (mobile_malware.rules)
2033004 - ET TROJAN Win32/SystemBC CnC Checkin (null key) M1 (trojan.rules)
2033005 - ET TROJAN Win32/SystemBC CnC Checkin (null key) M2 (trojan.rules)

Pro:

2848614 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bk
Checkin (mobile_malware.rules)
2848615 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.de Checkin
(mobile_malware.rules)
2848616 - ETPRO TROJAN Bandook TCP CnC Beacon Keep-Alive (Inbound)
(trojan.rules)
2848617 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848618 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-20 1) (trojan.rules)
2848619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-20 2) (trojan.rules)
2848620 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-20 3) (trojan.rules)
2848621 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-20 4) (trojan.rules)
2848622 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-20 5) (trojan.rules)
2848623 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-20 6) (trojan.rules)
2848624 - ETPRO TROJAN Win32/Injector.EAHK Activity (trojan.rules)
2848625 - ETPRO TROJAN Win32/Remcos RAT Checkin 715 (trojan.rules)
2848626 - ETPRO TROJAN Win32/Remcos RAT Checkin 716 (trojan.rules)
2848627 - ETPRO TROJAN Win32/Remcos RAT Checkin 717 (trojan.rules)
2848628 - ETPRO TROJAN Win32/Remcos RAT Checkin 718 (trojan.rules)
2848629 - ETPRO TROJAN Win32/Remcos RAT Checkin 719 (trojan.rules)
2848630 - ETPRO TROJAN Win32/Remcos RAT Checkin 720 (trojan.rules)
2848631 - ETPRO TROJAN Ceta/LokiRAT Activity (POST) (trojan.rules)
2848632 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2021-05-20
(current_events.rules)
2848633 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2021-05-20 (current_events.rules)
2848634 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish
2021-05-20 (current_events.rules)
2848635 - ETPRO CURRENT_EVENTS Successful Zions Bank Phish
2021-05-20 (current_events.rules)
2848636 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2021-05-20 (current_events.rules)
2848637 - ETPRO CURRENT_EVENTS Successful Banco Azteca Phish
2021-05-20 (current_events.rules)

[---] Disabled rules: [---]

2848473 - ETPRO TROJAN Ceta/LokiRAT Activity (POST) (trojan.rules)

[---] Removed rules: [---]

2032974 - ET TROJAN Possible Cobalt Strike Server Response (trojan.rules)
2032978 - ET POLICY Google Webcrawler User-Agent
(Mediapartners-Google) (policy.rules)
2032979 - ET POLICY Yandex Webcrawler User-Agent (YandexBot) (policy.rules)
2032980 - ET POLICY DuckDuckGo Webcrawler User-Agent (DuckDuckBot)
(policy.rules)
2032981 - ET POLICY Bing Webcrawler User-Agent (BingBot) (policy.rules)
2032982 - ET POLICY Naver Webcrawler User-Agent (Naver.me) (policy.rules)
2033002 - ET POLICY Baidu Spider Webcrawler User Agent - inbound
(policy.rules)

Date:
Summary title:
9 new OPEN, 33 new PRO (9 + 24) SystemBC, Flubot, AndroidOS.Jocker.de, Bandook and VARIOUS PHISHING.