[***] Summary: [***]
0 new OPEN, 14 new PRO (0 + 14). Android/Spy.Agent.BRN,
Win32/Vigorf, Valyria, Various Phish.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Pro:
2848933 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRN Checkin 5 (mobile_malware.rules)
2848934 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRN Checkin 6 (mobile_malware.rules)
2848935 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-11 1) (trojan.rules)
2848936 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-11 2) (trojan.rules)
2848937 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-11 3) (trojan.rules)
2848938 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-11 4) (trojan.rules)
2848939 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-11 5) (trojan.rules)
2848940 - ETPRO POLICY Observed Atera Remote Access Application Activity Domain in TLS SNI (policy.rules)
2848941 - ETPRO POLICY Observed Splashtop Application Activity Domain in TLS SNI (policy.rules)
2848942 - ETPRO TROJAN Win32/Vigorf Variant Activity (POST) (trojan.rules)
2848943 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish 2021-06-14 (current_events.rules)
2848944 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2021-06-14 (current_events.rules)
2848945 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
2848946 - ETPRO TROJAN Win32/DelfInject Variant Activity (trojan.rules)
[///] Modified active rules: [///]
2017135 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 12 2013 (current_events.rules)
2021537 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015 (current_events.rules)
2021538 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015 (current_events.rules)
2021539 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015 (current_events.rules)
2021540 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015 (current_events.rules)
2025236 - ET CURRENT_EVENTS Possible Compromised Wordpress - Generic Phishing Landing 2018-01-22 (current_events.rules)
2025622 - ET CURRENT_EVENTS Generic Phishing Kit Landing (current_events.rules)
2025685 - ET CURRENT_EVENTS Generic Phishing Landing 2018-01-12 (current_events.rules)
2027392 - ET TROJAN Maze/ID Ransomware Activity (trojan.rules)
2030133 - ET TROJAN MAZE Ransomware Payment Domain in DNS Lookup (trojan.rules)
2030134 - ET TROJAN MAZE Ransomware Payment Domain DNS Lookup (trojan.rules)
2030135 - ET POLICY MAZE Ransomware Victim Publishing Site DNS Lookup (mazenews .top) (policy.rules)
2030136 - ET POLICY MAZE Ransomware Victim Publishing Site DNS Lookup (newsmaze .top) (policy.rules)
2030209 - ET TROJAN Observed MAZE Ransomware CnC Domain (checksoffice .me in TLS SNI) (trojan.rules)
2030210 - ET TROJAN Observed MAZE Ransomware CnC Domain (plaintsotherest .net in TLS SNI) (trojan.rules)
2030211 - ET TROJAN Observed MAZE Ransomware CnC Domain (thesawmeinrew .net in TLS SNI) (trojan.rules)
2030302 - ET INFO Common Form POST - Possible Generic Phishing Landing 2020-06-11 (info.rules)
2030588 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External Server (current_events.rules)
2030589 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal Server (current_events.rules)
2030611 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External Server (current_events.rules)
2030612 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal Server (current_events.rules)
2030815 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External Server (current_events.rules)
2030816 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal Server (current_events.rules)
2030985 - ET CURRENT_EVENTS Generic Phishing Landing Hosted via Weebly (current_events.rules)
2030986 - ET CURRENT_EVENTS Generic Phishing Landing Hosted via Weebly (current_events.rules)
2030987 - ET CURRENT_EVENTS Generic Phishing Landing Hosted via Weebly (current_events.rules)
2032324 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External Server (current_events.rules)
2032325 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal Server (current_events.rules)
2032476 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External Server (current_events.rules)
2032477 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal Server (current_events.rules)
2032478 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External Server (current_events.rules)
2032479 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal Server (current_events.rules)
2827673 - ETPRO WEB_CLIENT Generic Phishing Redirect Aug 25 2017 (web_client.rules)
2842536 - ETPRO TROJAN 404 / Snake Keylogger Style External IP Check (trojan.rules)
2844669 - ETPRO CURRENT_EVENTS Possible Generic Phishing Redirect (current_events.rules)
[///] Modified inactive rules: [///]
2022187 - ET CURRENT_EVENTS Generic Phishing Landing Uri Nov 25 2015 (current_events.rules)