[***] Summary: [***]
17 new OPEN, 31 new PRO (17 + 14). ELF/Miner, Various Android/FakeAdBlocker CnC, BlackTech FlagPro Checkin, SpyGateRAT CnC, Remcos RAT, BazaLoader, Various Phish, Coinminers.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033366 - ET TROJAN ELF/Miner Activity (GET) (trojan.rules)
2033367 - ET TROJAN ELF/Miner Loader Activity M1 (GET) (trojan.rules)
2033368 - ET TROJAN ELF/Miner Loader Activity M2 (GET) (trojan.rules)
2033369 - ET MOBILE_MALWARE Observed Malicious SSL Cert (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2033370 - ET MOBILE_MALWARE Observed Malicious SSL Cert (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2033371 - ET MOBILE_MALWARE Observed Malicious SSL Cert (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2033372 - ET MOBILE_MALWARE Observed Malicious SSL Cert (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2033373 - ET MOBILE_MALWARE Observed Malicious SSL Cert (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2033374 - ET MOBILE_MALWARE Observed Malicious SSL Cert (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2033375 - ET MOBILE_MALWARE Observed Malicious SSL Cert (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2033376 - ET MOBILE_MALWARE Observed Malicious SSL Cert (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2033377 - ET MOBILE_MALWARE Observed Malicious SSL Cert (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2033378 - ET TROJAN Observed Win32.Raccoon Stealer Domain (cheapfacechange .top in TLS SNI) (trojan.rules)
2033379 - ET INFO Suspicious Windows Commands in POST Body (nltest) (info.rules)
2033380 - ET INFO Suspicious Windows Commands in POST Body (ipconfig) (info.rules)
2033381 - ET INFO Suspicious Windows Commands in POST Body (net view) (info.rules)
2033382 - ET INFO Suspicious Windows Commands in POST Body (net config) (info.rules)
Pro:
2849355 - ETPRO CURRENT_EVENTS Successful Capitec Bank Phish 2021-07-21 (current_events.rules)
2849356 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2021-07-21 (current_events.rules)
2849357 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-07-20 (current_events.rules)
2849358 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-07-21 (current_events.rules)
2849359 - ETPRO TROJAN Suspected BlackTech FlagPro Checkin (trojan.rules)
2849360 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-21 1) (trojan.rules)
2849361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-21 2) (trojan.rules)
2849362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-21 3) (trojan.rules)
2849363 - ETPRO TROJAN SpyGateRAT CnC Activity M1 (Outbound) (trojan.rules)
2849364 - ETPRO TROJAN SpyGateRAT CnC Activity M1 (Inbound) (trojan.rules)
2849365 - ETPRO TROJAN SpyGateRAT CnC Activity M2 (trojan.rules)
2849366 - ETPRO TROJAN Win32/Remcos RAT Checkin 734 (trojan.rules)
2849367 - ETPRO POLICY PCNetSoftware Remote-RAC Admin Tool Activity - Outbound (policy.rules)
2849368 - ETPRO TROJAN Possible BazaLoader CnC Server Response (trojan.rules)
[///] Modified active rules: [///]
2026718 - ET POLICY External IP Lookup Domain (ifconfig .me) (policy.rules)
2026738 - ET TROJAN [PTsecurity] Trickbot Data Exfiltration (trojan.rules)
2033221 - ET MALWARE Nivesro Cheat CnC Activity M1 (malware.rules)
2033222 - ET MALWARE NivesroCheat CnC Activity M2 (malware.rules)
2846147 - ETPRO MOBILE_MALWARE Observed Malicious SNI (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2848234 - ETPRO MOBILE_MALWARE Observed Malicious SNI (Android/FakeAdBlocker CnC) (mobile_malware.rules)
2848755 - ETPRO MOBILE_MALWARE Observed Malicious SNI (Android/FakeAdBlocker CnC) (mobile_malware.rules)