[***] Summary: [***]
7 new Open, 33 new Pro (7 + 26). Card Skimmer/Form Stealer, Android MoqHao, Various SSL/TLS, Various Phish.
Thanks @James_inthe_box.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2011227 - ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) (user_agents.rules)
2027812 - ET TROJAN Nyanw0rm CnC Keep-Alive (Outbound) M1 (trojan.rules)
2027813 - ET TROJAN Nyanw0rm CnC Keep-Alive (Outbound) M2 (trojan.rules)
2027814 - ET CURRENT_EVENTS Possible FFSniff Inject Observed (current_events.rules)
2027815 - ET CURRENT_EVENTS Possible Injected JS Form Stealer Checking Page Contents M1 (current_events.rules)
2027816 - ET CURRENT_EVENTS Possible Injected JS Form Stealer Checking Page Contents M2 (current_events.rules)
2027817 - ET CURRENT_EVENTS Inbound JS with Possible 1px-1px Exfiltration Image (current_events.rules)
Pro:
2837900 - ETPRO MOBILE_MALWARE Android Spy MoqHao CnC Beacon (mobile_malware.rules)
2837901 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Plankton Reporting Location (mobile_malware.rules)
2837902 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2837904 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-07 1) (trojan.rules)
2837905 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-08-07 (current_events.rules)
2837906 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-08-07 (current_events.rules)
2837907 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-08-07 (current_events.rules)
2837908 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-08-07 (current_events.rules)
2837909 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2019-08-07 (current_events.rules)
2837910 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2019-08-07 (current_events.rules)
2837911 - ETPRO CURRENT_EVENTS Successful Abanca Phish 2019-08-07 (current_events.rules)
2837912 - ETPRO CURRENT_EVENTS Successful Allegro Phish 2019-08-07 (current_events.rules)
2837913 - ETPRO CURRENT_EVENTS Successful Spark Phish 2019-08-07 (current_events.rules)
2837914 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-08-07 (current_events.rules)
2837915 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2019-08-07 (current_events.rules)
2837916 - ETPRO TROJAN MSIL.TScope Checkin 10 (trojan.rules)
2837917 - ETPRO TROJAN Possible APT Related CnC in DNS Query (trojan.rules)
2837918 - ETPRO TROJAN Possible APT Related CnC in DNS Query (trojan.rules)
2837919 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837920 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837921 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837922 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837923 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837924 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837925 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
2837926 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Card Skimmer CnC) (current_events.rules)
[///] Modified active rules: [///]
2000026 - ET USER_AGENTS Gator Agent Traffic (user_agents.rules)
2003492 - ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (info.rules)
2024969 - ET TROJAN OceanLotus System Profiling JavaScript HTTP Request (trojan.rules)
[---] Disabled and modified rules: [---]
2836860 - ETPRO TROJAN Win32/Unk.SEE_N02 CnC Keep-Alive (Outbound) (trojan.rules)
[---] Disabled rules: [---]
2834933 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) (user_agents.rules)
[---] Removed rules: [---]
2011227 - ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers (policy.rules)