Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/06/22

[***] Summary: [***]

7 new OPEN, 27 new PRO (7 + 20). DarkRadiation Ransomware, Cobalt Strike,
Klingon RAT, AsyncRAT, Various Android/Agent.BQX, Unk Rootkit, Various
PHISH.

Thanks: @ThingzEye

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033155 - ET CURRENT_EVENTS Observed Possible Phishing Landing Page
2021-06-22 (current_events.rules)
2033156 - ET TROJAN Observed Malicious SSL Cert (Klingon RAT)
(trojan.rules)
2033158 - ET MALWARE Cobalt Strike Malleable C2 Profile wordpress_ Cookie
Test (malware.rules)
2033159 - ET TROJAN Linux DarkRadiation Ransomware Activity (wget)
(trojan.rules)
2033160 - ET TROJAN Linux DarkRadiation Ransomware Activity (curl)
(trojan.rules)
2033161 - ET TROJAN Linux DarkRadiation Ransomware Telegram Activity
(trojan.rules)
2033162 - ET TROJAN Linux DarkRadiation Ransomware Activity Attack Check
(trojan.rules)

Pro:

2849019 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 115
(mobile_malware.rules)
2849020 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 116
(mobile_malware.rules)
2849021 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 117
(mobile_malware.rules)
2849022 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 118
(mobile_malware.rules)
2849023 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 119
(mobile_malware.rules)
2849024 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 120
(mobile_malware.rules)
2849025 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 121
(mobile_malware.rules)
2849026 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 122
(mobile_malware.rules)
2849027 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 123
(mobile_malware.rules)
2849028 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 124
(mobile_malware.rules)
2849029 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2849030 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2849031 - ETPRO TROJAN Win32/Unk.Stealer CnC Exfil (trojan.rules)
2849032 - ETPRO TROJAN ELF/Mirai Variant CnC Checkin (trojan.rules)
2849033 - ETPRO TROJAN Unk Rootkit CnC Activity M1 (trojan.rules)
2849034 - ETPRO TROJAN Unk Rootkit CnC Activity M2 (trojan.rules)
2849035 - ETPRO TROJAN Possible Unk Rootkit CnC Activity M3 (trojan.rules)
2849036 - ETPRO ACTIVEX Successful Wells Fargo Phish 2021-06-22
(activex.rules)
2849037 - ETPRO ACTIVEX Successful Outlook Phish 2021-06-22
(activex.rules)
2849038 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-06-22
(current_events.rules)

[///] Modified active rules: [///]

2019091 - ET EXPLOIT Metasploit Random Base CharCode JS Encoded String
(exploit.rules)
2811429 - ETPRO TROJAN Downeks CnC Beacon (trojan.rules)

[---] Disabled rules: [---]

2828650 - ETPRO TROJAN MSIL/Agent.SFZ RAT CnC Response Beacon
(trojan.rules)

Date:
Summary title:
7 new OPEN, 27 new PRO (7 + 20). DarkRadiation Ransomware, Cobalt Strike, Klingon RAT, AsyncRAT, Various Android/Agent.BQX, Unk Rootkit, Various PHISH.