[***] Summary: [***]

9 new OPEN, 24 new PRO (9 + 15). NOBELIUM, Apricot
Scrub, Android/Agent.BQX, ELF/Mirai, Cobalt Strike, CoinMiners.

Due to the upcoming US Memorial Day holiday, we will not be publishing
rules on Monday, May 31st.

Thanks: @ThingzEye, @NCCGroupInfosec

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033044 - ET TROJAN Malicious Second Stage Payload Inbound 2021-02-19
(trojan.rules)
2033045 - ET INFO POST to Double Slash in URI (info.rules)
2033048 - ET CURRENT_EVENTS Possible Phishing Landing Page 2021-05-24
(current_events.rules)
2033050 - ET TROJAN NOBELIUM Cobalt Strike CnC Domain in DNS Lookup
(trojan.rules)
2033051 - ET TROJAN NOBELIUM Cobalt Strike CnC Domain in DNS Lookup
(trojan.rules)
2033052 - ET TROJAN NOBELIUM Fingerprint Checkin (trojan.rules)
2033054 - ET TROJAN Apricot Scrub Activity (GET) (trojan.rules)

Pro:

2848754 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRT (TLS SNI)
(mobile_malware.rules)
2848755 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 93
(mobile_malware.rules)
2848756 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 94
(mobile_malware.rules)
2848757 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 95
(mobile_malware.rules)
2848758 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2848759 - ETPRO TROJAN ELF/Mirai Variant CnC Checkin (trojan.rules)
2848760 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-27 1) (trojan.rules)
2848761 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-27 2) (trojan.rules)
2848762 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-27 3) (trojan.rules)
2848763 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-27 4) (trojan.rules)
2848764 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-05-27 5) (trojan.rules)
2848765 - ETPRO TROJAN Cobalt Strike Malleable JQuery Custom Profile M4
(trojan.rules)
2848766 - ETPRO TROJAN Win32/Remcos RAT Checkin 723 (trojan.rules)
2848767 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish
2021-05-28 (current_events.rules)
2848768 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-05-28
(current_events.rules)

[---] Removed rules: [---]

2847222 - ETPRO TROJAN Malicious Second Stage Payload Inbound 2021-02-19
(trojan.rules)
