[***] Summary: [***]

4 new OPEN, 26 new PRO (4 + 22). CVE-2020-36289, FIN7, Valyria
Maldoc, Others.

Thanks @ShadowChasing1.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033136 - ET EXPLOIT Atlassian Jira Unauth User Enumeration Attempt
(CVE-2020-36289) (exploit.rules)
2033137 - ET POLICY Observed Filesharing Domain (privatlab .com in
TLS SNI) (policy.rules)
2033138 - ET TROJAN Observed FIN7 CnC Domain (injuryless .com in TLS
SNI) (trojan.rules)
2033140 - ET TROJAN Observed APT41 Malicious SSL Cert (ColunmTK
Campaign) (trojan.rules)

Pro:

2848911 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Banbra.o (DNS
Lookup) (mobile_malware.rules)
2848912 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Banbra.o (DNS
Lookup) 2 (mobile_malware.rules)
2848913 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRN Checkin
(mobile_malware.rules)
2848914 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRN Checkin 2
(mobile_malware.rules)
2848915 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRN Checkin 3
(mobile_malware.rules)
2848916 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRN Checkin 4
(mobile_malware.rules)
2848917 - ETPRO TROJAN Win32/Mofksys.RND!MTB Retrieving Config (trojan.rules)
2848918 - ETPRO TROJAN Win32/Mofksys.RND!MTB Config Inbound (trojan.rules)
2848919 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-11 1) (trojan.rules)
2848920 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-11 2) (trojan.rules)
2848921 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-11 3) (trojan.rules)
2848922 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-11 4) (trojan.rules)
2848923 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-11 5) (trojan.rules)
2848924 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-11 6) (trojan.rules)
2848925 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-11 7) (trojan.rules)
2848926 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-11 8) (trojan.rules)
2848927 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-11 9) (trojan.rules)
2848928 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2848929 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
2848930 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
2848931 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
2848932 - ETPRO CURRENT_EVENTS Successful American Express Phish
2021-06-11 (current_events.rules)

[///] Modified active rules: [///]

2025565 - ET CURRENT_EVENTS Successful Generic Phish 2018-05-08
(set) (current_events.rules)
2025566 - ET CURRENT_EVENTS Successful Generic Phish 2018-05-08
(set) (current_events.rules)
2025579 - ET CURRENT_EVENTS Successful Generic Phish 2018-05-16
(set) (current_events.rules)
2025628 - ET CURRENT_EVENTS [eSentire] Successful Generic Phish
2018-06-15 (current_events.rules)
2025630 - ET CURRENT_EVENTS Successful Generic Phish 2018-06-27
(set) (current_events.rules)
2027294 - ET CURRENT_EVENTS Successful Generic Phish 2019-04-30
(set) (current_events.rules)
2031756 - ET CURRENT_EVENTS Possible Successful Generic Phish
2015-07-31 (current_events.rules)
2031866 - ET CURRENT_EVENTS Successful Generic Phish 2018-02-26
(set) (current_events.rules)
2032407 - ET CURRENT_EVENTS Successful Generic Phish 2016-10-27
(current_events.rules)
2032503 - ET CURRENT_EVENTS Successful Generic Phish 2016-09-08
(current_events.rules)
2032681 - ET CURRENT_EVENTS Possible Successful Generic Phish
2016-05-26 (current_events.rules)
2032684 - ET CURRENT_EVENTS Possible Successful Generic Phish
2016-06-22 (current_events.rules)
2032689 - ET CURRENT_EVENTS Possible Successful Generic Phish
2016-08-19 (current_events.rules)
2032706 - ET CURRENT_EVENTS Possible Successful Generic Phish
2016-10-07 (current_events.rules)
2033096 - ET TROJAN APT28/SkinnyBoy Checkin (trojan.rules)
2829005 - ETPRO CURRENT_EVENTS Successful Generic Phish 2017-12-20
(current_events.rules)
2830404 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-04-16
(current_events.rules)
2832118 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-08-08
(current_events.rules)
2832690 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2018-09-19 (current_events.rules)
2832692 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2018-09-19 (current_events.rules)
2833054 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-10-01
(current_events.rules)
2833409 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-11-01
(current_events.rules)
2833429 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-11-02
(current_events.rules)
2833717 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2018-11-29 (current_events.rules)
2834180 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-01-02
(current_events.rules)
2834338 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-01-11
(current_events.rules)
2834356 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-01-14
(current_events.rules)
2834520 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2019-01-23 (current_events.rules)
2834833 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-02-11
(current_events.rules)
2835038 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-02-25
(current_events.rules)
2835100 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-02-28
(current_events.rules)
2835312 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-03-12
(current_events.rules)
2836055 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25
(current_events.rules)
2836057 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25
(current_events.rules)
2836305 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-05-14
(current_events.rules)
2836310 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-05-14
(current_events.rules)
2837025 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-06-25
(current_events.rules)
2837176 - ETPRO CURRENT_EVENTS Successful Visa Phish 2019-07-02
(current_events.rules)
2837435 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-10
(current_events.rules)
2837467 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-11
(current_events.rules)
2837559 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-17
(current_events.rules)
2837562 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-17
(current_events.rules)
2837742 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-29
(current_events.rules)
2837814 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-08-01
(current_events.rules)
2838144 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-08-23
(current_events.rules)
2838706 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-02
(current_events.rules)
2838708 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-02
(current_events.rules)
2838776 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-07
(current_events.rules)
2839006 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-18
(current_events.rules)
2839231 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-11-05
(current_events.rules)
2839966 - ETPRO CURRENT_EVENTS Successful Visa Phish 2019-12-17
(current_events.rules)
2839967 - ETPRO CURRENT_EVENTS Successful Visa Phish 2019-12-17
(current_events.rules)
2840093 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-12-26
(current_events.rules)
2840157 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2019-12-30 (current_events.rules)
2841012 - ETPRO CURRENT_EVENTS Successful Visa Phish 2020-02-12
(current_events.rules)

[---] Removed rules: [---]

2848909 - ETPRO POLICY Observed Filesharing Domain (privatlab .com
in TLS SNI) (policy.rules)

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
