[***] Summary: [***]

12 new OPEN, 21 new PRO (12 + 9). Multiple Cobalt Strike,
Gamaredon/Armageddon and W32/Startun.

Thanks @BlackLotusLabs, @malwrhunterteam, @MBThreatIntel and @ServiceSsu

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034343 - ET TROJAN W32/Pterodo.CL CnC Checkin (trojan.rules)
2034344 - ET TROJAN Win32/Pterodo.NG Checkin 2 (trojan.rules)
2034345 - ET TROJAN W32/Pterodo CnC Checkin (trojan.rules)
2034346 - ET TROJAN Cobalt STrike Activity (GET) (trojan.rules)
2034347 - ET TROJAN Cobalt Strike Activity (GET) (trojan.rules)
2034348 - ET TROJAN SolarMarker Backdoor Related Domain in DNS Lookup (noelfpar .com) (trojan.rules)
2034349 - ET MOBILE_MALWARE Gamaredon/Armageddon Related Domain in DNS Lookup (google-play .serveftp .com) (mobile_malware.rules)
2034350 - ET TROJAN Gamaredon/Armageddon Related Domain in DNS Lookup (bitsadmin .ddns .net) (trojan.rules)
2034351 - ET TROJAN Gamaredon/Armageddon Related Domain in DNS Lookup (list-sert .ddns .net) (trojan.rules)
2034352 - ET TROJAN Gamaredon/Armageddon CnC Activity (Sending Windows System Information) (trojan.rules)
2034353 - ET TROJAN Gamaredon/Armageddon Activity (Retrieving Remote .dot) (trojan.rules)
2034354 - ET EXPLOIT Vanguard v2.1 (Search) POST Inject Web Vulnerability (exploit.rules)

Pro:

2850369 - ETPRO TROJAN Observed Cobalt Strike Domain in TLS SNI (trojan.rules)
2850372 - ETPRO TROJAN Cobalt Strike Activity (GET) (trojan.rules)
2850373 - ETPRO TROJAN W32/Startun CnC Activity Insert Command (trojan.rules)
2850374 - ETPRO TROJAN W32/Startun CnC Activity General Set Command (trojan.rules)
2850375 - ETPRO TROJAN W32/Startun CnC Activity (trojan.rules)
2850376 - ETPRO TROJAN W32/Startun CnC Activity Set Online Status and Get Date Commands (trojan.rules)
2850377 - ETPRO TROJAN Cobalt Strike Activity (GET) (trojan.rules)
2850378 - ETPRO TROJAN Cobalt Strike Activity (GET) (trojan.rules)
2850379 - ETPRO TROJAN Observed Cobalt Strike Domain in TLS SNI (trojan.rules)

[///] Modified active rules: [///]

2849219 - ETPRO TROJAN PCShare RAT Heartbeat from CnC (trojan.rules)
2850316 - ETPRO MALWARE Observed SmokeLoader CnC Activity (malware.rules)

[---] Removed rules: [---]

2830574 - ETPRO TROJAN W32/Pterodo.CL CnC Checkin (trojan.rules)
2835637 - ETPRO TROJAN Win32/Pterodo.NG Checkin 2 (trojan.rules)
2838292 - ETPRO TROJAN W32/Pterodo CnC Checkin (trojan.rules)
