[***] Summary: [***]
13 new OPEN, 26 new PRO (13 + 13). APT33, AsyncRAT, SSV Agent, others.
Thanks @MichalKoczwara, @ThingzEye
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033685 - ET TROJAN Observed SSL/TLS Cert (Splashtop Remote Support) (trojan.rules)
2033686 - ET MOBILE_MALWARE APT33/Charming Kitten Android/LittleLooter Activity (POST) (mobile_malware.rules)
2033687 - ET MOBILE_MALWARE APT33/Charming Kitten Android/LittleLooter Activity (POST) M2 (mobile_malware.rules)
2033688 - ET MOBILE_MALWARE APT33/Charming Kitten Android/LittleLooter Activity (POST) M3 (mobile_malware.rules)
2033689 - ET MOBILE_MALWARE APT33/Charming Kitten Android/LittleLooter Activity (POST) M4 (mobile_malware.rules)
2033690 - ET TROJAN Cobalt Strike Infrastructure CnC Domain in DNS Lookup (trojan.rules)
2033691 - ET TROJAN Cobalt Strike Infrastructure CnC Domain in DNS Lookup (trojan.rules)
2033692 - ET TROJAN Cobalt Strike Infrastructure CnC Domain in DNS Lookup (trojan.rules)
2033693 - ET TROJAN Cobalt Strike Infrastructure CnC Domain in DNS Lookup (trojan.rules)
2033694 - ET TROJAN Cobalt Strike Infrastructure CnC Domain in DNS Lookup (trojan.rules)
2033695 - ET TROJAN Cobalt Strike Infrastructure CnC Domain in DNS Lookup (trojan.rules)
2033696 - ET CURRENT_EVENTS Observed OneDrive Phishing Landing Page 2021-08-09 (current_events.rules)
2033697 - ET CURRENT_EVENTS Observed Zimbra Phishing Landing Page 2021-08-09 (current_events.rules)
Pro:
2849554 - ETPRO TROJAN Possible SSV Agent Dropper Payload Request (trojan.rules)
2849555 - ETPRO TROJAN SweetyStealer CnC Exfil via Discord (trojan.rules)
2849556 - ETPRO TROJAN Powershell VJworm Variant Checkin (trojan.rules)
2849557 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849558 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-08-09 (current_events.rules)
2849559 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-02 1) (trojan.rules)
2849560 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-02 2) (trojan.rules)
2849561 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-04 1) (trojan.rules)
2849562 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-04 2) (trojan.rules)
2849563 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-04 3) (trojan.rules)
2849564 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-08 1) (trojan.rules)
2849565 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-08 2) (trojan.rules)
2849566 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2021-08-09 (current_events.rules)
[///] Modified active rules: [///]
2027274 - ET POLICY Request for Possible Microsoft Phishing Hosted on Github.io (policy.rules)
2029040 - ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1 (trojan.rules)
2844679 - ETPRO TROJAN ELF/SystemDMiner.C CnC Checkin (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team