[***] Summary: [***]
9 new OPEN, 31 new PRO (9 + 22). Vidar, Magecart Domains, JSSLoader,
and VARIOUS PHISHING
Thanks to @AffableKraut @ShadowChasing1 and @z0ul_
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033066 - ET TROJAN Vidar Stealer - FaceIt Checkin Response (trojan.rules)
2033067 - ET TROJAN Observed Magecart Skimmer Domain
(googie-analitycs .site in TLS SNI) (trojan.rules)
2033068 - ET TROJAN Observed Magecart Skimmer Domain
(googie-analytics .online in TLS SNI) (trojan.rules)
2033069 - ET TROJAN Observed Magecart Skimmer Domain
(googie-analytics .website in TLS SNI) (trojan.rules)
2033070 - ET TROJAN Observed Magecart Skimmer Domain
(googletagsmanager .website in TLS SNI) (trojan.rules)
2033071 - ET TROJAN Evilnum Activity (GET) (trojan.rules)
2033072 - ET TROJAN FIN7 JSSLoader Variant Activity (POST) (trojan.rules)
2033073 - ET TROJAN Observed JSSLoader Variant Domain
(legislationient .com in TLS SNI) (trojan.rules)
2033074 - ET TROJAN FIN7 JSSLoader Variant Activity (GET) (trojan.rules)
Pro:
2848785 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848786 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 1) (trojan.rules)
2848787 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 2) (trojan.rules)
2848788 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 3) (trojan.rules)
2848789 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 4) (trojan.rules)
2848790 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 5) (trojan.rules)
2848791 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 6) (trojan.rules)
2848792 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 7) (trojan.rules)
2848793 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 8) (trojan.rules)
2848794 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 9) (trojan.rules)
2848795 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 10) (trojan.rules)
2848796 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 11) (trojan.rules)
2848797 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 12) (trojan.rules)
2848798 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 13) (trojan.rules)
2848799 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 14) (trojan.rules)
2848800 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 15) (trojan.rules)
2848801 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 16) (trojan.rules)
2848802 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 17) (trojan.rules)
2848803 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 18) (trojan.rules)
2848804 - ETPRO CURRENT_EVENTS Successful Facebook (PL) Phish
2021-06-01 (current_events.rules)
2848805 - ETPRO CURRENT_EVENTS Successful Credit Union West Phish
2021-06-02 (current_events.rules)
2848806 - ETPRO CURRENT_EVENTS Successful Rakuten Bank Phish
2021-06-02 (current_events.rules)
[///] Modified active rules: [///]
2033064 - ET CURRENT_EVENTS Secure Email Portal Lure Landing Page
(current_events.rules)
2848784 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2021-06-01
(current_events.rules)