[***] Summary: [***]
9 new OPEN, 25 new PRO (9 + 16): VaporRage, JSSLoader, Kimsuky Appleseed, PerSwaysion, MSIL/FakeSupport and various other phishing.
Thanks @ThingzEye
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033057 - ET MALWARE NOBELIUM Win32/VaporRage Loader CnC Checkin (malware.rules)
2033058 - ET TROJAN Observed JSSLoader Domain (deprivationant .com in TLS SNI) (trojan.rules)
2033059 - ET MOBILE_MALWARE Kimsuky AppleSeed CnC Checkin (mobile_malware.rules)
2033060 - ET TROJAN Observed CobaltStrike Loader Domain (cybersecyrity .com in TLS SNI) (trojan.rules)
2033061 - ET TROJAN Observed CobaltStrike CnC Domain (defendersecyrity .com in TLS SNI) (trojan.rules)
2033062 - ET CURRENT_EVENTS Observed UK Gov Support Landing 2021-06-01 (current_events.rules)
2033063 - ET CURRENT_EVENTS PerSwaysion Landing Page M3 (current_events.rules)
2033064 - ET CURRENT_EVENTS Secure Email Portal Lure Landing Page (current_events.rules)
2033065 - ET TROJAN Cobalt Strike C2 Profile (news_indexedimages) (trojan.rules)
Pro:
2848769 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848770 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848771 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848772 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-29 1) (trojan.rules)
2848773 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-29 2) (trojan.rules)
2848774 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-29 3) (trojan.rules)
2848775 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-29 4) (trojan.rules)
2848776 - ETPRO TROJAN Sliver Framework HTTP C2 sessionInit (trojan.rules)
2848777 - ETPRO TROJAN Maldoc Requesting Fake PNG (set) (trojan.rules)
2848778 - ETPRO TROJAN Maldoc Requesting Fake PNG (trojan.rules)
2848779 - ETPRO MALWARE MSIL/FakeSupport Variant Activity (checkin) (malware.rules)
2848780 - ETPRO MALWARE MSIL/FakeSupport Variant Activity (admin) (malware.rules)
2848781 - ETPRO MALWARE MSIL/FakeSupport Variant Activity (refund) (malware.rules)
2848782 - ETPRO MALWARE MSIL/FakeSupport Variant Activity (malware.rules)
2848783 - ETPRO TROJAN Maldoc Retrieving Malicious Payload (trojan.rules)
2848784 - ETPRO CURRENT_EVENTS Successfil Citibank Phish 2021-06-01 (current_events.rules)
[///] Modified active rules: [///]
2016888 - ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(sendFile) (trojan.rules)