[***]            Summary:            [***]

5 new Open, 25 new Pro (5 + 20). LordEK, Fallout EK, Wexw Backdoor, Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027787 - ET CURRENT_EVENTS Obfuscated LordEK Landing M1 (current_events.rules)
2027788 - ET CURRENT_EVENTS Observed LordEK HTTP POST Request (current_events.rules)
2027789 - ET EXPLOIT Possible Inbound Flash Exploit (CVE-2018-15982) (exploit.rules)
2027790 - ET EXPLOIT Possible Inbound Flash Exploit with Stack-Based wininet (exploit.rules)
2027791 - ET CURRENT_EVENTS Obfuscated LordEK Landing M2 (current_events.rules)

Pro:

2837822 - ETPRO MALWARE Win32/SoftFire PUP/PUA Downloader Checkin (malware.rules)
2837823 - ETPRO TROJAN Win32/Wexw Backdoor Checkin (trojan.rules)
2837825 - ETPRO MALWARE Observed Malicious SSL Cert (PUP/PUA Toolbar Helper) (malware.rules)
2837826 - ETPRO USER_AGENTS Observed Suspicious UA (QueryServiceConfigA) (user_agents.rules)
2837827 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-08-02 (current_events.rules)
2837828 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-02 1) (trojan.rules)
2837829 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-02 2) (trojan.rules)
2837830 - ETPRO CURRENT_EVENTS Successful OTP Group Bank Phish 2019-08-02 (current_events.rules)
2837831 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-02 (current_events.rules)
2837832 - ETPRO CURRENT_EVENTS Successful Geneneric Credit Card Information Phish 2019-08-02 (current_events.rules)
2837833 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-08-02 (current_events.rules)
2837834 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-08-02 (current_events.rules)
2837835 - ETPRO CURRENT_EVENTS Successful Keybank Phish 2019-08-02 (current_events.rules)
2837836 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Fallout EK CnC) (current_events.rules)
2837837 - ETPRO CURRENT_EVENTS Fallout EK HTTP GET Request Observed (current_events.rules)
2837838 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837839 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837840 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837841 - ETPRO POLICY Observed KonturVNC Domain (help kontur .ru in TLS SNI) (policy.rules)
2837842 - ETPRO POLICY KonturVNC Version Check Activity (policy.rules)

Date: Thursday, August 1, 2019 - 22:00