[***] Summary: [***]

7 new OPEN, 10 new PRO (7 + 3). Bazar, Cobalt Strike, KPOT Stealer,
and Magecart.

Thank you @MBThreatIntel @AffableKraut and @James_inthe_box for your
contributions.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033391 - ET TROJAN Observed Malicious SSL Cert (Bazar Backdoor)
(trojan.rules)
2033392 - ET TROJAN Observed CobaltStrike CnC Domain (krinsop .com
in TLS SNI) (trojan.rules)
2033393 - ET TROJAN Observed CobaltStrike CnC Domain (charity-wallet
.com in TLS SNI) (trojan.rules)
2033394 - ET TROJAN Observed CobaltStrike CnC Domain (gmbfrom .com
in TLS SNI) (trojan.rules)
2033397 - ET TROJAN KPOT Stealer Initial CnC Activity M5 (trojan.rules)
2033398 - ET TROJAN Observed Magecart Skimmer Domain
(cloudflare-cdnjs .com in TLS SNI) (trojan.rules)
2033399 - ET TROJAN Observed Magecart Skimmer Domain
(static-zdassets .com in TLS SNI) (trojan.rules)

Pro:

2849378 - ETPRO TROJAN Suspected DonotGroup Pult Downloader Activity
M2 (trojan.rules)
2849379 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 170
(mobile_malware.rules)
2849380 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 171
(mobile_malware.rules)
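Several of today's rules (the Cobalt Strike and Magecart entries above, and the Android/Agent.BQX Pro rules) key on a hostname in the TLS SNI extension of the ClientHello; the rule titles defang the domain by inserting a space before the TLD ("krinsop .com"). The block below is an added example, not Emerging Threats code or any actual rule body: it refangs the domains from this update, parses a TLS ClientHello to pull out the server_name, and reports an exact or subdomain match. The ClientHello bytes are constructed inline so the example runs offline; function names and the match policy (exact host or subdomain of the IOC) are the example's own assumptions.

```python
import struct

# Domains from this update's TLS SNI rule titles, kept defanged as published
# (space before the TLD). refang() turns them back into matchable hostnames.
DEFANGED_SNI_IOCS = [
    "krinsop .com",
    "charity-wallet .com",
    "gmbfrom .com",
    "cloudflare-cdnjs .com",
    "static-zdassets .com",
]


def refang(domain):
    """Remove the defanging space and normalise case."""
    return domain.replace(" ", "").lower()


def build_client_hello(server_name):
    """Construct a minimal TLS 1.2 ClientHello record (sample input, not a
    real capture). If server_name is None the extensions block is omitted."""
    extensions = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type=host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0, len(sni_list)) + sni_list   # ext type 0 = server_name
        extensions = struct.pack("!H", len(ext)) + ext
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"   # version, random, session_id_len=0
            + b"\x00\x02\x13\x01"                   # one cipher suite
            + b"\x01\x00"                           # one compression method (null)
            + extensions)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type=ClientHello, 3-byte len
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the lower-cased host_name from a ClientHello record, or None
    when the record is not a ClientHello or carries no server_name extension."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                   # skip version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                           # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                           # compression_methods
    if len(body) < pos + 2:
        return None                                # no extensions block at all
    ext_total = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_total, len(body))
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + ext_len]
        pos += ext_len
        if ext_type == 0 and len(data) >= 5:
            list_len = struct.unpack("!H", data[0:2])[0]
            q = 2
            while q + 3 <= 2 + list_len and q + 3 <= len(data):
                name_type = data[q]
                name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
                q += 3
                if name_type == 0:                 # host_name
                    return data[q:q + name_len].decode("ascii", "replace").lower()
                q += name_len
    return None


def match_sni(sni, iocs=DEFANGED_SNI_IOCS):
    """Return the refanged IOC the SNI matches (exact host or a subdomain of
    it), or None. 'notkrinsop.com' must not match 'krinsop.com'."""
    if sni is None:
        return None
    sni = sni.rstrip(".").lower()
    for entry in iocs:
        dom = refang(entry)
        if sni == dom or sni.endswith("." + dom):
            return dom
    return None


if __name__ == "__main__":
    for host in ("krinsop.com", "cdn.charity-wallet.com", "example.com", None):
        print(host, "->", match_sni(extract_sni(build_client_hello(host))))
```

Two caveats a detection engineer should keep in mind: a ClientHello with no server_name extension yields no match at all (the parser returns None rather than guessing), and with TLS 1.3 Encrypted Client Hello the SNI is not visible on the wire, so SNI-keyed rules like these do not fire on such sessions.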

[///] Modified active rules: [///]

2003486 - ET MALWARE Drivecleaner.com Spyware User-Agent
(DriveCleaner Updater) (malware.rules)
2018789 - ET POLICY TLS possible TOR SSL traffic (policy.rules)
2025589 - ET MALWARE WiseCleaner Installed (PUA) (malware.rules)
2809804 - ETPRO MALWARE FakeAdwareCleaner.A Checkin (malware.rules)
2811429 - ETPRO TROJAN Downeks CnC Beacon (trojan.rules)
2813003 - ETPRO MALWARE ToolbarCleaner PUP Downloading (malware.rules)
2815906 - ETPRO MALWARE Win32/PCCleanerPro PUP Install Checkin (malware.rules)
2823092 - ETPRO MALWARE Win32/CainCleaner.D CnC 1 (malware.rules)
2823093 - ETPRO MALWARE Win32/CainCleaner.D CnC 2 (malware.rules)
2826068 - ETPRO MALWARE Win32/PUP User-Agent (USTechsupportStub)
(malware.rules)
2826995 - ETPRO MALWARE PUA Win32/SlimCleaner Checkin (malware.rules)
2827790 - ETPRO MALWARE Observed Malicious SSL Cert (TechSupport
Scam) (malware.rules)
2830301 - ETPRO MALWARE DriverUpdate PUA User-Agent (SupportNumber)
(malware.rules)
2831970 - ETPRO MALWARE MSIL.SysCleaner.PUP Sending System Info
(malware.rules)
2839340 - ETPRO MALWARE SlimCleaner Plus Installer User-Agent
Observed (malware.rules)
2845457 - ETPRO MALWARE FCleaner Activity (malware.rules)
2846523 - ETPRO MALWARE Win32/RegCleaner Pro Style External IP
Address Lookup (malware.rules)
2846524 - ETPRO MALWARE Win32/RegCleaner Pro Checkin via FTP (malware.rules)
2848779 - ETPRO MALWARE MSIL/FakeSupport Variant Activity (checkin)
(malware.rules)
2848780 - ETPRO MALWARE MSIL/FakeSupport Variant Activity (admin)
(malware.rules)
2848781 - ETPRO MALWARE MSIL/FakeSupport Variant Activity (refund)
(malware.rules)
2848782 - ETPRO MALWARE MSIL/FakeSupport Variant Activity (malware.rules)
2849201 - ETPRO MALWARE SafeCleaner Activity (POST) (malware.rules)

[///] Modified inactive rules: [///]

2006419 - ET MALWARE Vaccineprogram.co.kr Related Spyware User-Agent
(anycleaner) (malware.rules)
2008456 - ET MALWARE EMO/PCPrivacyCleaner Rougue Secuirty App GET
Checkin (malware.rules)
2803310 - ETPRO MALWARE SmartCleaner Related FakeAV User-Agent (malware.rules)
2807150 - ETPRO MALWARE Security Cleaner Pro FakeAV Checkin (malware.rules)
