[***] Summary: [***]
13 new OPEN, 19 new PRO (13 + 6). CopperStealer, Various APT, GCash,
Cobalt Strike and Phishing.
Thanks @h2jazi and @TrendMicro
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037027 - ET MALWARE CopperStealer - Browser Stealer Exfil via Telegram (malware.rules)
2037028 - ET MALWARE CopperStealer - Remote Desktop - CnC Server Request via Pastebin (malware.rules)
2037029 - ET MALWARE CopperStealer - Remote Desktop - CnC Server Response via Pastebin (malware.rules)
2037030 - ET MALWARE CopperStealer - Remote Desktop - Initial Checkin (malware.rules)
2037031 - ET MALWARE CopperStealer - Remote Desktop - Task Request (malware.rules)
2037032 - ET MALWARE Win32/TrojanDownloader.Agent.FLZ CnC Activity (malware.rules)
2037033 - ET INFO Psiphon VPN Related Activity (POST) (info.rules)
2037034 - ET MALWARE Unknown CN Related APT Domain in DNS Lookup (upportteam .lingrevelat .com) (malware.rules)
2037035 - ET MALWARE Unknown CN Related APT Activity (GET) (malware.rules)
2037036 - ET PHISHING GCash Credential Phish 2022-06-17 (phishing.rules)
2037037 - ET PHISHING GCash Credential Phish Landing Page 2022-06-17 (phishing.rules)
2037038 - ET MALWARE System Information Being Sent in User-Agent (malware.rules)
2037039 - ET PHISHING Successful Generic Credential Phish 2022-06-17 (phishing.rules)
Pro:
2851792 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-17 1) (coinminer.rules)
2851799 - ETPRO MALWARE Cobalt Strike Related Domain in DNS Lookup (malware.rules)
2851800 - ETPRO MALWARE MSIL/Agent.UCB Variant CnC Activity (malware.rules)
2851801 - ETPRO MALWARE PowerShell Script Fingerprinting Host System CnC Exfil (malware.rules)
2851802 - ETPRO PHISHING Successful Generic Phish 2022-06-17 (phishing.rules)
2851803 - ETPRO PHISHING Successful Generic Phish 2022-06-17 (phishing.rules)
[///] Modified active rules: [///]
2036934 - ET MALWARE Win32/RecordBreaker CnC Checkin (malware.rules)
2036955 - ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response (malware.rules)
2837570 - ETPRO PHISHING Successful Generic Phish 2019-07-17 (phishing.rules)
[---] Disabled and modified rules: [---]
2014435 - ET MALWARE Infostealer.Banprox Proxy.pac Download (malware.rules)
2806983 - ETPRO WEB_CLIENT Possible FrontPage information disclosure via XML (CVE-2013-3137) (web_client.rules)
2806984 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806985 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806986 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806987 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806988 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806989 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806990 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806991 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806992 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806993 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
2806994 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
[---] Removed rules: [---]
2036759 - ET MALWARE TA457 Related Activity M4 (POST) (malware.rules)