[***] Summary: [***]

7 new OPEN, 19 new PRO (7 + 12). Win32.Raccoon Stealer, Bitter APT,
Various CVE, Win32/Remcos RAT and Various Phish.

Thanks @h2jazi and @Unit42_Intel

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035177 - ET TROJAN Win32.Raccoon Stealer Checkin M6 (trojan.rules)
2035178 - ET TROJAN Win32.Raccoon Stealer Checkin Response M4 (trojan.rules)
2035179 - ET TROJAN Win32.Raccoon Stealer Checkin Response M5 (trojan.rules)
2035180 - ET TROJAN Bitter APT Activity (GET) (trojan.rules)
2035181 - ET TROJAN Cobalt Strike Related Domain in DNS Lookup
(ledikexive .com) (trojan.rules)
2035182 - ET EXPLOIT Possible SAP ICM MPI Desynchronization Scanning
Activity (CVE-2022-22536) M1 (exploit.rules)
2035183 - ET EXPLOIT Possible SAP ICM MPI Desynchronization Scanning
Activity (CVE-2022-22536) M2 (exploit.rules)

Pro:

2851098 - ETPRO TROJAN Win32/Remcos RAT Checkin 772 (trojan.rules)
2851099 - ETPRO TROJAN Win32/Remcos RAT Checkin 773 (trojan.rules)
2851100 - ETPRO TROJAN Win32/Remcos RAT Checkin 774 (trojan.rules)
2851101 - ETPRO TROJAN Win32/Remcos RAT Checkin 775 (trojan.rules)
2851102 - ETPRO CURRENT_EVENTS US Government Bid Credential Phish
Landing Page 2022-02-11 (current_events.rules)
2851103 - ETPRO CURRENT_EVENTS Successful US Goverment Bid
Credential Phish 2022-02-11 (current_events.rules)
2851104 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2022-02-11 (current_events.rules)
2851105 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-11 1) (trojan.rules)
2851106 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-11 2) (trojan.rules)
2851107 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-11 3) (trojan.rules)
2851108 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-11 4) (trojan.rules)
2851109 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-11 5) (trojan.rules)

[///] Modified active rules: [///]

2034960 - ET TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin
(generic) (trojan.rules)
2845556 - ETPRO TROJAN Win32.Raccoon Stealer Checkin Response M2
(trojan.rules)
2850191 - ETPRO TROJAN Win32.Raccoon Stealer Checkin Response M3
(trojan.rules)
2850387 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M5 (trojan.rules)
