[***] Summary: [***]

15 new OPEN, 25 new PRO (15 + 10). FunnyDream, DCRat, Cobalt Strike,
Trojan.AndroidOS.Jocker.ou and Miners.

Thanks @james_inthe_box and @benkow_

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

Please welcome to our ET Open community Cobalt Strike c2 block rules
generated from the wonderful research by the http://Threatview.io Team
(@Malwar3Ninja)!
https://rules.emergingthreatspro.com/blockrules/threatview_CS_c2

[+++] Added rules: [+++]

Open:

2017319 - ET INFO SUSPICIOUS IRC - NICK and 3 Letter Country Code (info.rules)
2034730 - ET POLICY GIOP/IIOP Request Outbound (policy.rules)
2034731 - ET POLICY Successful GIOP/IIOP Request Outbound (policy.rules)
2034732 - ET INFO Interactsh Domain in DNS Lookup (.interactsh .com) (info.rules)
2034733 - ET TROJAN Win32/FunnyDream Backdoor Related Domain in DNS Lookup (www .carelessnessing .com) (trojan.rules)
2034734 - ET TROJAN Win32/FunnyDream Backdoor Related Domain in DNS Lookup (www .weekendorg .com) (trojan.rules)
2034735 - ET TROJAN Win32/FunnyDream Backdoor Related Domain in DNS Lookup (www .aexhausts .com) (trojan.rules)
2034736 - ET TROJAN Cobalt Strike Related Domain in DNS Lookup (news .networkslaoupdate .com) (trojan.rules)
2034737 - ET TROJAN Cobalt Strike Related Domain in DNS Lookup (koltary .com) (trojan.rules)
2034738 - ET TROJAN lu0bot Loader HTTP Request M3 (trojan.rules)
2034739 - ET TROJAN DCRat CnC Activity M11 (trojan.rules)
2034740 - ET TROJAN DCRat CnC Activity M12 (trojan.rules)
2034741 - ET TROJAN DCRat CnC Activity M13 (trojan.rules)
2034742 - ET INFO urlz .fr DNS Lookup (info.rules)

Pro:

2850687 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.ou Checkin (mobile_malware.rules)
2850688 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-14 1) (trojan.rules)
2850689 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-14 2) (trojan.rules)
2850690 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-14 3) (trojan.rules)
2850691 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-14 4) (trojan.rules)
2850692 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-14 5) (trojan.rules)
2850693 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-14 6) (trojan.rules)
2850694 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-14 7) (trojan.rules)
2850695 - ETPRO MALWARE MSIL/WINCRYPTO Ransomware Key Retrieval Request (malware.rules)
2850696 - ETPRO TROJAN MSIL/WINCRYPTO Ransomware CnC Activity (trojan.rules)

[///] Modified active rules: [///]

2024658 - ET TROJAN KHRAT DNS Lookup (upload-dropbox .com) (trojan.rules)
2034719 - ET POLICY LDAPSv3 LDAPS_START_TLS Request Outbound (policy.rules)
2034720 - ET POLICY Successful LDAPSv3 LDAPS_START_TLS Request Outbound (policy.rules)
2034721 - ET POLICY Successful LDAPSv3 LDAPS_START_TLS Request Outbound (policy.rules)
2850685 - ETPRO TROJAN Generic Trojan Activity M1 (trojan.rules)
