Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/08/03

[***] Summary: [***]

11 new OPEN, 19 new PRO (11 + 8) SSV Agent, Microsoft Signed Rootkit, and
AndroSpy.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033647 - ET TROJAN Unknown Rootkit Download Activity (GET) (trojan.rules)
2033648 - ET TROJAN Unknown Rootkit Checkin Activity (getSystemInfo)
(trojan.rules)
2033649 - ET TROJAN W32/Quasar 1.3/Venom RAT Connectivity Check 3
(trojan.rules)
2033650 - ET TROJAN SSV Agent CnC Activity (trojan.rules)
2033651 - ET TROJAN Observed SSV Agent CnC Domain (edgecloudc .com in TLS
SNI) (trojan.rules)
2033652 - ET TROJAN Observed SSV Agent CnC Domain (be-government .com in
TLS SNI) (trojan.rules)
2033653 - ET TROJAN Observed SSV Agent CnC Domain (gitcloudcache .com in
TLS SNI) (trojan.rules)
2033654 - ET TROJAN Observed SSV Agent CnC Domain (hostupoeui .com in TLS
SNI) (trojan.rules)
2033655 - ET TROJAN Observed SSV Agent CnC Domain (drmtake .tk in TLS
SNI) (trojan.rules)
2033656 - ET TROJAN Observed SSV Agent CnC Domain (rsnet-devel .com in
TLS SNI) (trojan.rules)
2033657 - ET TROJAN Observed SSV Agent CnC Domain (flushcdn .com in TLS
SNI) (trojan.rules)

Pro:

2810796 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 5 (trojan.rules)
2849542 - ETPRO MOBILE_MALWARE AndroSpy Checkin (mobile_malware.rules)
2849543 - ETPRO MOBILE_MALWARE AndroSpy Checkin 2 (mobile_malware.rules)
2849544 - ETPRO MOBILE_MALWARE AndroSpy Checkin 3 (mobile_malware.rules)
2849545 - ETPRO MOBILE_MALWARE AndroSpy Response 1 (mobile_malware.rules)
2849546 - ETPRO MOBILE_MALWARE AndroSpy Checkin 4 (mobile_malware.rules)
2849547 - ETPRO MOBILE_MALWARE AndroSpy Checkin 5 (mobile_malware.rules)
2849548 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-08-03
(current_events.rules)

[///] Modified active rules: [///]

2810792 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 1 (trojan.rules)
2810793 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 2 (trojan.rules)
2810794 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 3 (trojan.rules)
2810795 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 4 (trojan.rules)
2810797 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 6 (trojan.rules)
2810798 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 7 (trojan.rules)
2810799 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 8 (trojan.rules)
2810800 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 9 (trojan.rules)
2810801 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 10 (trojan.rules)
2810802 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 11 (trojan.rules)
2810803 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 12 (trojan.rules)
2810804 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 13 (trojan.rules)
2810805 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 14 (trojan.rules)
2810806 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 15 (trojan.rules)
2810807 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 16 (trojan.rules)

[///] Modified inactive rules: [///]

2002354 - ET MALWARE 180solutions Spyware versionconfig POST
(malware.rules)

Date:
Summary title:
11 new OPEN, 19 new PRO (11 + 8) SSV Agent, Microsoft Signed Rootkit, and AndroSpy.