[***] Summary: [***]

15 new OPEN, 30 new PRO (15 + 15). ReverseRAT, AllaKore, lu0bot, ChaChi
RAT, MSIL/Agent.DDT, Various PHISH, Coinminers.

Thanks: @fumik0_, @BlackLotusLabs

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033171 - ET TROJAN ReverseRAT Activity (POST) M3 (trojan.rules)
2033172 - ET TROJAN ReverseRAT Activity (POST) M4 (trojan.rules)
2033173 - ET MALWARE AllaKore CnC Activity (malware.rules)
2033174 - ET TROJAN ReverseRAT Activity (POST) M1 (trojan.rules)
2033175 - ET TROJAN ReverseRAT Activity (POST) M2 (trojan.rules)
2033176 - ET TROJAN lu0bot Loader HTTP Request (trojan.rules)
2033177 - ET TROJAN lu0bot CnC Domain in DNS Lookup (trojan.rules)
2033178 - ET TROJAN lu0bot CnC Domain in DNS Lookup (trojan.rules)
2033179 - ET TROJAN lu0bot CnC Domain in DNS Lookup (trojan.rules)
2033180 - ET TROJAN lu0bot CnC Domain in DNS Lookup (trojan.rules)
2033181 - ET TROJAN lu0bot Loader HTTP Response (trojan.rules)
2033182 - ET TROJAN ChaChi RAT Client CnC (POST) (trojan.rules)
2033183 - ET TROJAN ChaChi RAT Server Response (trojan.rules)
2033184 - ET TROJAN ChaChi RAT Client CnC (POST) (trojan.rules)
2033185 - ET INFO Suspected DNS CnC via TXT queries (info.rules)

Pro:

2849062 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 125 (mobile_malware.rules)
2849063 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 126 (mobile_malware.rules)
2849064 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 127 (mobile_malware.rules)
2849065 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 128 (mobile_malware.rules)
2849066 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 129 (mobile_malware.rules)
2849067 - ETPRO TROJAN Observed Malicious SSL Cert (DCRAT Variant) (trojan.rules)
2849068 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849069 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-24 1) (trojan.rules)
2849070 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-24 2) (trojan.rules)
2849071 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-24 3) (trojan.rules)
2849072 - ETPRO TROJAN MSIL/Agent.DDT Initial Checkin (trojan.rules)
2849073 - ETPRO TROJAN MSIL/Agent.DDT KeepAlive (trojan.rules)
2849074 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-06-24 (current_events.rules)
2849075 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-06-24 (current_events.rules)
2849076 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2021-06-24 (current_events.rules)

[---] Removed rules: [---]

2848473 - ETPRO TROJAN Ceta/LokiRAT Activity (POST) (trojan.rules)
2848631 - ETPRO TROJAN Ceta/LokiRAT Activity (POST) (trojan.rules)
