[***] Summary: [***]
5 new OPEN, 42 new PRO (5 + 37). OSX/Adware.Pirrit, OSX/MapperState, Android/Agent.BQX, AsyncRAT, CVE-2021-29447, CoinMiners, Various Phish.
Thanks: @ConfiantIntel
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033028 - ET MALWARE OSX/Adware.Pirrit CnC Activity 3 (malware.rules)
2033029 - ET MALWARE OSX/Adware.Pirrit CnC Activity 4 (malware.rules)
2033030 - ET TROJAN OSX/MapperState CnC Domain in DNS Lookup (trojan.rules)
2033031 - ET MALWARE OSX/MapperState CnC Activity (malware.rules)
2033032 - ET TROJAN Suspected Sidewinder Activity (GET) (trojan.rules)
Pro:
2848685 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRT (TLS SNI) 2 (mobile_malware.rules)
2848686 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.DUI Checkin (mobile_malware.rules)
2848687 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 84 (mobile_malware.rules)
2848688 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 85 (mobile_malware.rules)
2848689 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 86 (mobile_malware.rules)
2848690 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 87 (mobile_malware.rules)
2848691 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 88 (mobile_malware.rules)
2848692 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 89 (mobile_malware.rules)
2848693 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 90 (mobile_malware.rules)
2848694 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 91 (mobile_malware.rules)
2848695 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 92 (mobile_malware.rules)
2848696 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848697 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848698 - ETPRO EXPLOIT Wordpress Media Library XXE Upload (CVE-2021-29447) (exploit.rules)
2848699 - ETPRO TROJAN ELF/Mirai Variant CnC Checkin (trojan.rules)
2848700 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 1) (trojan.rules)
2848701 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 2) (trojan.rules)
2848702 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 4) (trojan.rules)
2848703 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 3) (trojan.rules)
2848704 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 5) (trojan.rules)
2848705 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 6) (trojan.rules)
2848706 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 7) (trojan.rules)
2848707 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 8) (trojan.rules)
2848708 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 9) (trojan.rules)
2848709 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 10) (trojan.rules)
2848710 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 11) (trojan.rules)
2848711 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 12) (trojan.rules)
2848712 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 13) (trojan.rules)
2848713 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 14) (trojan.rules)
2848714 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 15) (trojan.rules)
2848715 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 16) (trojan.rules)
2848716 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 17) (trojan.rules)
2848717 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 18) (trojan.rules)
2848718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 19) (trojan.rules)
2848719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-24 20) (trojan.rules)
2848720 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2021-05-25 (current_events.rules)
2848721 - ETPRO CURRENT_EVENTS Successful HSBC (UK) Phish 2021-05-25 (current_events.rules)
[///] Modified active rules: [///]
2028588 - ET TROJAN [TGI] Cobalt Strike Malleable C2 Request (O365 Profile) (trojan.rules)
2028591 - ET TROJAN [TGI] Cobalt Strike Malleable C2 Request (YouTube Profile) (trojan.rules)
2029381 - ET TROJAN Cobalt Strike Malleable C2 Request (Stackoverflow Profile) (trojan.rules)
2029742 - ET TROJAN Cobalt Strike Malleable C2 (Meterpreter) (trojan.rules)
2029743 - ET TROJAN Cobalt Strike Malleable C2 (OneDrive) (trojan.rules)
2029744 - ET TROJAN Cobalt Strike Malleable C2 (Adobe RTMP) (trojan.rules)
2029977 - ET TROJAN Cobalt Strike Malleable C2 (Custom) (trojan.rules)
2029978 - ET TROJAN Cobalt Strike Malleable C2 (Custom) (trojan.rules)
2032751 - ET TROJAN Cobalt Strike Malleable C2 (jquery Profile) (trojan.rules)
2032752 - ET TROJAN Cobalt Strike Malleable C2 (Microsoft Update GET) (trojan.rules)
2032754 - ET TROJAN Cobalt Strike Malleable C2 (TrevorForget Profile) (trojan.rules)
2032755 - ET TROJAN Cobalt Strike Malleable C2 (Wordpress Profile) (trojan.rules)
2032756 - ET TROJAN Cobalt Strike Malleable C2 (WooCommerce Profile) (trojan.rules)
2032757 - ET TROJAN Cobalt Strike Malleable C2 (WooCommerce Profile) (trojan.rules)
2032953 - ET TROJAN Cobalt Strike Malleable C2 (Unknown Profile) (trojan.rules)
2032956 - ET TROJAN Cobalt Strike Malleable C2 (Unknown Profile) (trojan.rules)
2032957 - ET TROJAN Cobalt Strike Malleable C2 (Unknown Profile) (trojan.rules)
2032964 - ET TROJAN Cobalt Strike Malleable C2 Profile (btn_bg) (trojan.rules)
2032965 - ET TROJAN Cobalt Strike Malleable C2 Profile (__session__id Cookie) (trojan.rules)
2032966 - ET TROJAN Cobalt Strike Malleable C2 Profile (bg) (trojan.rules)
2032975 - ET TROJAN Cobalt Strike Malleable C2 Profile (Teams) M1 (trojan.rules)
2032976 - ET TROJAN Cobalt Strike Malleable C2 Profile (Teams) M2 (trojan.rules)
2033008 - ET TROJAN Cobalt Strike Malleable C2 JQuery Custom Profile M3 (trojan.rules)
2033009 - ET TROJAN Cobalt Strike Malleable C2 JQuery Custom Profile Response (trojan.rules)
2823825 - ETPRO TROJAN MSIL/Revenge-RAT CnC Checkin (trojan.rules)
2841113 - ETPRO TROJAN MSIL/Revenge-RAT CnC Checkin M4 (trojan.rules)
2844605 - ETPRO TROJAN Cobalt Strike Malleable C2 (Sohu Custom) (trojan.rules)
2847201 - ETPRO TROJAN Cobalt Strike Malleable C2 Activity (trojan.rules)