[***] Summary: [***]
10 new OPEN, 30 new PRO (10 + 20). Android/SOVA, Win32/Eyoorun.D, Cobalt Strike, StrikedC2, Various Phish, CoinMiners.
Thanks: @ThreatFabric, @malwrhunterteam, @Unit42_Intel, @ffforward
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033939 - ET TROJAN SQUIRRELWAFFLE Loader Activity (POST) (trojan.rules)
2033940 - ET MOBILE_MALWARE Android/SOVA Banking Trojan Activity (bot update) (mobile_malware.rules)
2033941 - ET MOBILE_MALWARE Android/SOVA Banking Trojan Activity (number update) (mobile_malware.rules)
2033942 - ET MOBILE_MALWARE Android/SOVA Banking Trojan Activity (session cookie delete) (mobile_malware.rules)
2033943 - ET MOBILE_MALWARE Android/SOVA Banking Trojan Activity (bot registration) (mobile_malware.rules)
2033944 - ET MOBILE_MALWARE Android/SOVA Banking Trojan Activity (log post) (mobile_malware.rules)
2033945 - ET MALWARE Win32/Eyoorun.D Variant Checkin (malware.rules)
2033946 - ET MOBILE_MALWARE Android/Spy.Agent.BEH Variant Activity (POST) (mobile_malware.rules)
2033947 - ET CURRENT_EVENTS Client Cloaking Javascript Observed (current_events.rules)
2033948 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
Pro:
2849574 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2849958 - ETPRO INFO Suspicious PowerShell String Inbound (DownloadFile) (info.rules)
2849959 - ETPRO INFO Suspicious PowerShell String Inbound (WScript.Shell) (info.rules)
2849960 - ETPRO INFO Suspicious PowerShell String Inbound (mshta.exe) (info.rules)
2849961 - ETPRO INFO Suspicious PowerShell String Inbound (Start-Process) (info.rules)
2849962 - ETPRO MOBILE_MALWARE Android.SmsSpy.GEN41873 Checkin (mobile_malware.rules)
2849963 - ETPRO POLICY Claymore Etherium Miner Config Inbound (policy.rules)
2849964 - ETPRO MOBILE_MALWARE Android.SmsSpy.GEN41873 Checkin 2 (mobile_malware.rules)
2849965 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-14 1) (trojan.rules)
2849966 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-14 2) (trojan.rules)
2849967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-14 3) (trojan.rules)
2849968 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-14 4) (trojan.rules)
2849969 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-14 5) (trojan.rules)
2849970 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-14 6) (trojan.rules)
2849971 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-09-14 (current_events.rules)
2849972 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-09-14 (current_events.rules)
2849973 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2021-09-14 (current_events.rules)
2849974 - ETPRO TROJAN Win32/Remcos RAT Checkin 748 (trojan.rules)
2849975 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Agent.ak Checkin (mobile_malware.rules)
2849976 - ETPRO TROJAN StrikedC2 CnC Activity (trojan.rules)
[///] Modified active rules: [///]
2013386 - ET TROJAN W32/FakeAlert Fake Security Tool Checkin (trojan.rules)
2032417 - ET TROJAN Win32/NitroStealer/exoStub CnC Exfil (trojan.rules)
2803382 - ETPRO USER_AGENTS Suspicious user agent (vTask) (user_agents.rules)
2803390 - ETPRO USER_AGENTS Suspicious user agent (TEN) (user_agents.rules)
[///] Modified inactive rules: [///]
2803379 - ETPRO TROJAN Sus/VB-CHMB Checkin (trojan.rules)
2803389 - ETPRO TROJAN Backdoor.Agent.AAXM Checkin (trojan.rules)
[---] Removed rules: [---]
2847994 - ETPRO TROJAN MSIL/PSW.Agent.RXP Variant Exfil CnC Activity (trojan.rules)
2849574 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2849955 - ETPRO TROJAN SQUIRRELWAFFLE Loader Activity (POST) (trojan.rules)