[***] Summary: [***]
2 new Open, 22 new Pro (2 + 20). Phorpiex, Origin Logger, Ursnif, Remcos, Various Phish.
Thanks @James_inthe_box, Duane Howard
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2027766 - ET POLICY Windows Update P2P Activity (policy.rules)
2027769 - ET TROJAN Win32/Phorpiex Template 5 Active - Outbound Malicious Email Spam (trojan.rules)
Pro:
2837781 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dr Checkin (mobile_malware.rules)
2837782 - ETPRO TROJAN Win32/Origin Logger SMTP Exfil (trojan.rules)
2837784 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.typ Checkin (mobile_malware.rules)
2837785 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-31 1) (trojan.rules)
2837786 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-31 2) (trojan.rules)
2837787 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-31 3) (trojan.rules)
2837788 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-31 4) (trojan.rules)
2837789 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-07-31 (current_events.rules)
2837790 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-31 (current_events.rules)
2837791 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish 2019-07-31 (current_events.rules)
2837792 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837793 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837794 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837795 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC) (trojan.rules)
2837796 - ETPRO TROJAN Win32/Remcos RAT Checkin 116 (trojan.rules)
2837797 - ETPRO TROJAN Win32/Remcos RAT Checkin 117 (trojan.rules)
2837798 - ETPRO TROJAN Win32/Remcos RAT Checkin 118 (trojan.rules)
2837799 - ETPRO TROJAN Win32/Remcos RAT Checkin 119 (trojan.rules)
2837800 - ETPRO TROJAN Win32/Phorpiex CnC Checkin (trojan.rules)
2837801 - ETPRO TROJAN Observed Malicious SSL Cert (SONE CnC) (trojan.rules)
[///] Modified active rules: [///]
2008038 - ET MALWARE Suspicious User-Agent (Mozilla/4.0 (compatible ICS)) (malware.rules)
2013220 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.8866.org (info.rules)
2020029 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 2 (trojan.rules)
2823335 - ETPRO TROJAN Nanocore Checkin Pattern (set) 2 (trojan.rules)
2823336 - ETPRO TROJAN Nanocore Checkin Pattern (set) 4 (trojan.rules)
2823338 - ETPRO TROJAN Nanocore Checkin Pattern (set) 3 (trojan.rules)
2833617 - ETPRO TROJAN Win32/Phorpiex Template 2 Active - Outbound Malicious Email Spam (trojan.rules)
2836270 - ETPRO TROJAN QuasarRAT C2 Init (trojan.rules)