[***] Summary: [***]
27 new Open, 40 new Pro (27 + 13). APT33, SNEAKYFISH, ELF/Yakuza, Win32/PWSZbot.rc.
Please share issues, feedback, and requests at: https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2027622 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027623 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027624 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027625 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027626 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027627 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027628 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027629 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027630 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027631 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027632 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027633 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027634 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027635 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027636 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027637 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027638 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027639 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027640 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027641 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027642 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027643 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027644 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027645 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027646 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027647 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027648 - ET USER_AGENTS Suspicious UA Observed (Ave, Caesar!) (user_agents.rules)
Pro:
2837122 - ETPRO TROJAN SNEAKYFISH SSL Client Hello (trojan.rules)
2837123 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-06-28) (current_events.rules)
2837124 - ETPRO TROJAN ELF/Yakuza Botnet CnC Checkin (trojan.rules)
2837128 - ETPRO TROJAN Win32/Remcos RAT Checkin 101 (trojan.rules)
2837129 - ETPRO TROJAN Win32/Remcos RAT Checkin 102 (trojan.rules)
2837130 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Fallout EK CnC) (current_events.rules)
2837131 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Malvertising Related CnC) (current_events.rules)
2837132 - ETPRO CURRENT_EVENTS Malvertising Related CnC Domain in SNI (current_events.rules)
2837133 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (59a23) (current_events.rules)
2837134 - ETPRO USER_AGENTS Suspicious UA Observed in Malvertising Campaigns (user_agents.rules)
2837135 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2837136 - ETPRO TROJAN Win32/PWSZbot.rc CnC Checkin (trojan.rules)
2837137 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/PWSZbot.vh CnC) (malware.rules)