[***] Summary: [***]

9 new OPEN, 20 new PRO (9 + 11). TA450, FancyBear/APT28, TA445,
Remcos RAT and Win32/PennyWise Stealer.

Thanks @h2jazi, @Mandiant, @GossiTheDog, @0xrb and Google Threat
Analysis Group

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034200 - ET EXPLOIT Interactsh CnC Activity (exploit.rules)
2035404 - ET TROJAN TA445/Ghostwrite APT Related Domain in DNS
Lookup (xbeta .online) (trojan.rules)
2035405 - ET CURRENT_EVENTS FancyBear/APT28 Related Phish Landing
Page 2022-03-08 (current_events.rules)
2035406 - ET CURRENT_EVENTS FancyBear/APT28 Related Phish Landing
Page 2022-03-08 (current_events.rules)
2035407 - ET TROJAN TA450 Nagual/STARWHALE Beacon Activity (POST)
(trojan.rules)
2035408 - ET TROJAN TA450 Nagual/STARWHALE GoLang Beacon Activity
(POST) (trojan.rules)
2035409 - ET TROJAN TA450 GRAMDOOR Telegram CnC Activity (POST) (trojan.rules)
2035410 - ET TROJAN TransparentTribe CnC Domain in DNS Lookup (trojan.rules)
2035411 - ET TROJAN TransparentTribe CnC Domain in DNS Lookup (trojan.rules)

Pro:

2851207 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-03-08 1) (trojan.rules)
2851208 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-03-08 2) (trojan.rules)
2851209 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-03-08 3) (trojan.rules)
2851210 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-03-08 4) (trojan.rules)
2851211 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-03-08 5) (trojan.rules)
2851212 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-03-08 6) (trojan.rules)
2851213 - ETPRO TROJAN Win32/Remcos RAT Checkin 778 (trojan.rules)
2851214 - ETPRO TROJAN Win32/Remcos RAT Checkin 779 (trojan.rules)
2851215 - ETPRO TROJAN Win32/Remcos RAT Checkin 780 (trojan.rules)
2851216 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2851217 - ETPRO TROJAN Win32/PennyWise Stealer Exfil Via Telegram
(trojan.rules)

[///] Modified active rules: [///]

2035397 - ET TROJAN MSIL/BlackGuard Stealer Variant Exfil via
Telegram (trojan.rules)

[---] Removed rules: [---]

2034200 - ET TROJAN Interactsh CnC Activity (trojan.rules)
