Daily Ruleset Update Summary 2022/01/14

Daily Ruleset Update Summary

[***] Summary: [***]

7 new OPEN, 14 new PRO (7 + 7). Multiple SysJoker, Remcos RAT,
DCRAT, Win32/Androm and Various Phishing.

Thanks @IntezerLabs

There were metadata updates made today to a number of rules in an
effort to add more context around rules.

Due to the observance of Martin Luther King, Jr Day, there will not
be a rulle push on Monday, January 17, 2022.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034922 - ET TROJAN Possible Win32/SysJoker Retrieving CnC
Information (GET) (trojan.rules)
2034923 - ET TROJAN SysJoker Dropper Related Domain in DNS Lookup
(github .url-mini .com) (trojan.rules)
2034924 - ET TROJAN SysJoker Related Domain in DNS Lookup (bookitlab
.tech) (trojan.rules)
2034925 - ET TROJAN SysJoker Related Domain in DNS Lookup
(graphic-updater .com) (trojan.rules)
2034926 - ET TROJAN SysJoker Related Domain in DNS Lookup
(office360-update .com) (trojan.rules)
2034927 - ET TROJAN SysJoker Related Domain in DNS Lookup
(winaudio-tools .com) (trojan.rules)
2034928 - ET CURRENT_EVENTS Generic Phish Landing Page 2022-01-14
(current_events.rules)

Pro:

2850861 - ETPRO TROJAN Win32/Remcos RAT Checkin 766 (trojan.rules)
2850862 - ETPRO TROJAN DCRat Initial Checkin Server Response M4 (trojan.rules)
2850863 - ETPRO CURRENT_EVENTS Successful Mountain America Credit
Union Phish 2022-01-14 (current_events.rules)
2850864 - ETPRO CURRENT_EVENTS Successful Generic Phish 2022-01-14
(current_events.rules)
2850865 - ETPRO TROJAN VBS/CageyChameleon CnC Beacon (trojan.rules)
2850866 - ETPRO TROJAN Win32/Androm File Request M1 (trojan.rules)
2850867 - ETPRO TROJAN Win32/Androm File Request M2 (trojan.rules)

[///] Modified active rules: [///]

2015560 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)
(trojan.rules)
2018768 - ET TROJAN Likely Malicious SSL Cert With Script Tags (trojan.rules)
2020372 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
2021289 - ET TROJAN Malicious SSL certificate detected (FindPOS)
(trojan.rules)
2021513 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
2021938 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
2022100 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Downloader CnC) (trojan.rules)

Date:

Friday, January 14, 2022

Summary title:

7 new OPEN, 14 new PRO (7 + 7). Multiple SysJoker, Remcos RAT, DCRAT, Win32/Androm and Various Phishing.