[***] Summary: [***]

15 new OPEN, 34 new PRO (15 + 19). Multiple Ousaban Banker, Various
Webshell, Discourse CVE, BazaLoader and Various Phish.

Thanks to @James_inthe_box, @c3rb3ru5d3d53c and twinwave

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034238 - ET TROJAN Ousaban Banker Checkin M1 (trojan.rules)
2034239 - ET TROJAN Ousaban Banker Server Response M1 (trojan.rules)
2034240 - ET TROJAN Ousaban Banker Checkin M2 (trojan.rules)
2034241 - ET TROJAN Ousaban Banker Server Response M2 (trojan.rules)
2034242 - ET TROJAN Ousaban Banker KeepAlive (trojan.rules)
2034243 - ET TROJAN Ousaban Banker KeepAlive Response (trojan.rules)
2034244 - ET USER_AGENTS Suspicious User-Agent (Embarcadero URI
Client/1.0) (user_agents.rules)
2034245 - ET CURRENT_EVENTS Successful Zoom.us Phish 2021-10-25
(current_events.rules)
2034246 - ET WEB_SERVER Generic Webshell Accessed on Internal
Compromised Server (web_server.rules)
2034247 - ET WEB_CLIENT Generic Webshell Accessed on External
Compromised Server (web_client.rules)
2034248 - ET WEB_SERVER Generic Webshell Accessed on Internal
Compromised Server (web_server.rules)
2034249 - ET WEB_CLIENT Generic Webshell Accessed on External
Compromised Server (web_client.rules)
2034250 - ET CURRENT_EVENTS TodayZoo Phishing Kit GET M1
(current_events.rules)
2034251 - ET CURRENT_EVENTS TodayZoo Phishing Kit GET M2
(current_events.rules)
2034252 - ET EXPLOIT Discourse SNS Webhook RCE Inbound
(CVE-2021-41163) (exploit.rules)

Pro:

2850267 - ETPRO TROJAN MSIL/PSW.Agent.RXP CnC Exfil (trojan.rules)
2850268 - ETPRO TROJAN MSIL/PSW.StormKitty Variant CnC Exfil (trojan.rules)
2850269 - ETPRO TROJAN Win32/Backdoor.Nethief.F Variant CnC Activity
(trojan.rules)
2850270 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-23 1) (trojan.rules)
2850271 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-23 2) (trojan.rules)
2850272 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-23 3) (trojan.rules)
2850273 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-23 4) (trojan.rules)
2850274 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-23 5) (trojan.rules)
2850275 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-23 7) (trojan.rules)
2850276 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-23 8) (trojan.rules)
2850277 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-23 9) (trojan.rules)
2850278 - ETPRO TROJAN Win32/Remcos RAT Checkin 760 (trojan.rules)
2850279 - ETPRO TROJAN Observed Malicious SSL Cert (BazaLoader CnC)
(trojan.rules)
2850280 - ETPRO TROJAN Observed Malicious SSL Cert (BazaLoader CnC)
(trojan.rules)
2850281 - ETPRO TROJAN BazaLoader Activity (GET) (trojan.rules)
2850282 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-10-25
(current_events.rules)
2850283 - ETPRO CURRENT_EVENTS Successful Swisscom Phish 2021-10-25
(current_events.rules)
2850284 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-10-25
(current_events.rules)
2850285 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-10-25
(current_events.rules)

[///] Modified active rules: [///]

2033960 - ET POLICY [@Silv0123] Possible Fake Microsoft Office
User-Agent Observed (policy.rules)
2809652 - ETPRO TROJAN Chthonic Bot CnC Beacon 1 (trojan.rules)
