[***]            Summary:            [***]

7 new Open, 33 new Pro (7 + 26).  Card Skimmer/Form Stealer, Android MoqHao, Various SSL/TLS, Various Phish.

Thanks @James_inthe_box.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2011227 - ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) (user_agents.rules)
2027812 - ET TROJAN Nyanw0rm CnC Keep-Alive (Outbound) M1 (trojan.rules)
2027813 - ET TROJAN Nyanw0rm CnC Keep-Alive (Outbound) M2 (trojan.rules)
2027814 - ET CURRENT_EVENTS Possible FFSniff Inject Observed (current_events.rules)
2027815 - ET CURRENT_EVENTS Possible Injected JS Form Stealer Checking Page Contents M1 (current_events.rules)
2027816 - ET CURRENT_EVENTS Possible Injected JS Form Stealer Checking Page Contents M2 (current_events.rules)
2027817 - ET CURRENT_EVENTS Inbound JS with Possible 1px-1px Exfiltration Image (current_events.rules)

Pro:

2837900 - ETPRO MOBILE_MALWARE Android Spy MoqHao CnC Beacon (mobile_malware.rules)
2837901 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Plankton Reporting Location (mobile_malware.rules)
2837902 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2837904 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-07 1) (trojan.rules)
2837905 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-08-07 (current_events.rules)
2837906 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-08-07 (current_events.rules)
2837907 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-08-07 (current_events.rules)
2837908 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-08-07 (current_events.rules)
2837909 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2019-08-07 (current_events.rules)
2837910 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2019-08-07 (current_events.rules)
2837911 - ETPRO CURRENT_EVENTS Successful Abanca Phish 2019-08-07 (current_events.rules)
2837912 - ETPRO CURRENT_EVENTS Successful Allegro Phish 2019-08-07 (current_events.rules)
2837913 - ETPRO CURRENT_EVENTS Successful Spark Phish 2019-08-07 (current_events.rules)
2837914 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-08-07 (current_events.rules)
2837915 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2019-08-07 (current_events.rules)
2837916 - ETPRO TROJAN MSIL.TScope Checkin 10 (trojan.rules)
2837917 - ETPRO TROJAN Possible APT Related CnC in DNS Query (trojan.rules)
2837918 - ETPRO TROJAN Possible APT Related CnC in DNS Query (trojan.rules)
2837919 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837920 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837921 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837922 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837923 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837924 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837925 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837926 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)

[///]     Modified active rules:     [///]

2000026 - ET USER_AGENTS Gator Agent Traffic (user_agents.rules)
2003492 - ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (info.rules)
2024969 - ET TROJAN OceanLotus System Profiling JavaScript HTTP Request (trojan.rules)

[---]  Disabled and modified rules:  [---]

2836860 - ETPRO TROJAN Win32/Unk.SEE_N02 CnC Keep-Alive (Outbound) (trojan.rules)

[---]         Disabled rules:        [---]

2834933 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) (user_agents.rules)

[---]         Removed rules:         [---]

2011227 - ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers (policy.rules)

Date: 
Tuesday, August 6, 2019 - 22:00