Daily Ruleset Update Summary 2021/07/01

Daily Ruleset Update Summary

[***] Summary: [***]

6 new OPEN, 12 new PRO (6 + 6). MageCart, AsyncRAT, NightFury RAT,
Various Phish.

Thanks @Thingzeye, @rootprivilege, @sisoma2

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033213 - ET TROJAN Observed MageCart Group 12 Domain (toolser .pw
in TLS SNI) (trojan.rules)
2033214 - ET INFO Observed External IP Lookup Domain (api .2ip .ua
in TLS SNI) (info.rules)
2033215 - ET CURRENT_EVENTS Observed Possible Phishing Landing Page
2021-06-25 (current_events.rules)
2033216 - ET CURRENT_EVENTS Observed Possible Phishing Landing Page
2021-06-29 (current_events.rules)
2033217 - ET CURRENT_EVENTS Observed Possible Phishing Landing Page
2021-06-29 (current_events.rules)
2033218 - ET CURRENT_EVENTS Observed Possible Phishing 2021-06-29
(current_events.rules)

Pro:

2849156 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849157 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-30 1) (trojan.rules)
2849158 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-30 2) (trojan.rules)
2849159 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-30 3) (trojan.rules)
2849160 - ETPRO TROJAN NightFury/DUser RAT CnC Checkin (trojan.rules)
2849161 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-07-01
(current_events.rules)

[///] Modified active rules: [///]

2025264 - ET CURRENT_EVENTS Microsoft Onedrive Phishing Landing
2018-01-29 (current_events.rules)
2025327 - ET CURRENT_EVENTS Dropbox/OneDrive Phishing Landing
2018-02-07 (current_events.rules)
2025342 - ET CURRENT_EVENTS OneDrive Phishing Landing 2018-02-12
(current_events.rules)
2025410 - ET CURRENT_EVENTS OneDrive Phishing Landing 2018-03-08
(current_events.rules)
2025480 - ET CURRENT_EVENTS OneDrive Phishing Landing 2018-04-09
(current_events.rules)
2025550 - ET CURRENT_EVENTS OneDrive Phishing Landing 2018-05-01
(current_events.rules)
2025625 - ET CURRENT_EVENTS [eSentire] OneDrive Phishing Landing
2018-06-15 (current_events.rules)
2027026 - ET POLICY External IP Address Lookup DNS Query (2ip .ua)
(policy.rules)
2029858 - ET CURRENT_EVENTS OneDrive Phishing Landing 2020-04-10
(current_events.rules)
2029877 - ET CURRENT_EVENTS OneDrive Phishing Landing 2020-04-10
(current_events.rules)
2030715 - ET CURRENT_EVENTS OneDrive Phishing Landing on Appspot
Hosting (current_events.rules)
2032007 - ET CURRENT_EVENTS OneDrive Phishing Landing 2021-03-15
(current_events.rules)
2032680 - ET CURRENT_EVENTS Successful Onedrive Phish 2016-05-16
(current_events.rules)
2032894 - ET TROJAN Observed DarkSide Ransomware Domain (baroquetees
.com in TLS SNI) (trojan.rules)
2827637 - ETPRO CURRENT_EVENTS Successful Onedrive Phish Aug 23 2017
(current_events.rules)
2828237 - ETPRO CURRENT_EVENTS Microsoft OneDrive Phishing Landing
Oct 11 2017 (current_events.rules)
2828785 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2017-12-04
(current_events.rules)
2829645 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-02-13
(current_events.rules)
2830194 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-03-29
(current_events.rules)
2830781 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-05-09
(current_events.rules)
2831700 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-07-11
(current_events.rules)
2832192 - ETPRO CURRENT_EVENTS Successful Personalized Onedrive
Phish 2018-08-15 (current_events.rules)
2833134 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2018-10-16
(current_events.rules)
2833923 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-12-13
(current_events.rules)
2833928 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2018-12-13
(current_events.rules)
2833930 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2018-12-13
(current_events.rules)
2834359 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-01-14
(current_events.rules)
2834365 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-01-14
(current_events.rules)
2834651 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-01-30
(current_events.rules)
2834652 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-01-30
(current_events.rules)
2834831 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-02-11
(current_events.rules)
2835054 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-02-26
(current_events.rules)
2835238 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-03-07
(current_events.rules)
2835276 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-03-11
(current_events.rules)
2835706 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-04-02
(current_events.rules)
2835707 - ETPRO CURRENT_EVENTS Successful Personalized OneDrive
Phish 2019-04-02 (current_events.rules)
2835764 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-04-07
(current_events.rules)
2835867 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-04-15
(current_events.rules)
2835868 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-04-15
(current_events.rules)
2836170 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-04-30
(current_events.rules)
2836649 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-06-04
(current_events.rules)
2836685 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-06-05
(current_events.rules)
2836727 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-06-07
(current_events.rules)
2836798 - ETPRO CURRENT_EVENTS Successful Microsoft OneDrive Phish
2019-06-12 (current_events.rules)
2836867 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-06-17
(current_events.rules)
2837436 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-10
(current_events.rules)
2837538 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-16
(current_events.rules)
2837704 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-25
(current_events.rules)
2837935 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-08-08
(current_events.rules)
2838143 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-08-23
(current_events.rules)
2838637 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-09-30
(current_events.rules)
2838699 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-01
(current_events.rules)
2839024 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-21
(current_events.rules)
2839095 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-23
(current_events.rules)
2839118 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-24
(current_events.rules)
2839463 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-11-15
(current_events.rules)
2839505 - ETPRO CURRENT_EVENTS Successful Microsoft Onedrive Phish
2019-11-19 (current_events.rules)
2840395 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-01-13
(current_events.rules)
2841147 - ETPRO CURRENT_EVENTS Possible Successful Microsoft
OneDrive Phish 2020-02-21 (current_events.rules)
2841515 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-03-16
(current_events.rules)
2841979 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-04-10
(current_events.rules)
2843118 - ETPRO CURRENT_EVENTS Successful Microsoft OneDrive Phish
2020-06-19 (current_events.rules)
2843368 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-07-07
(current_events.rules)
2843486 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-07-13
(current_events.rules)
2843756 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-07-30
(current_events.rules)
2844114 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (OneDrive
Phish) (current_events.rules)
2845455 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-11-11
(current_events.rules)
2845643 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-11-24
(current_events.rules)
2845993 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-12-11
(current_events.rules)
2846303 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-12-30
(current_events.rules)
2847137 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2021-02-15
(current_events.rules)
2847265 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2021-02-23
(current_events.rules)
2847815 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2021-03-25
(current_events.rules)
2847882 - ETPRO CURRENT_EVENTS OneDrive Phishing Landing 2021-03-29
(current_events.rules)
2847899 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2021-03-30
(current_events.rules)

[///] Modified inactive rules: [///]

2823699 - ETPRO CURRENT_EVENTS Successful OneDrive Phish Dec 07 2016
(current_events.rules)

Date:

Thursday, July 1, 2021

Summary title:

6 new OPEN, 12 new PRO (6 + 6). MageCart, AsyncRAT, NightFury RAT, Various Phish.