[***]            Summary:            [***]

29 new Open, 54 new Pro (29 + 25). ELF/Emptiness, Koadic, Remcos, Various SSL/TLS, Various Phish.

Thanks @james_inthe_box.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027831 - ET TROJAN HVNC USR Init Detected (trojan.rules)
2027832 - ET TROJAN HVNC BOT Detected (trojan.rules)
2027833 - ET USER_AGENTS Suspicious Generic Style UA Observed (My_App) (user_agents.rules)
2027834 - ET TROJAN ELF/Emptiness v1 CnC Checkin (trojan.rules)
2027835 - ET TROJAN ELF/Emptiness v1.1 CnC Checkin (trojan.rules)
2027836 - ET TROJAN ELF/Emptiness v2 XOR (b2bb01039307baa2) CnC Checkin (trojan.rules)
2027837 - ET TROJAN ELF/Emptiness v1 UDP Flood Command Inbound (trojan.rules)
2027838 - ET TROJAN ELF/Emptiness v1 DNS Flood Command Inbound (trojan.rules)
2027839 - ET TROJAN ELF/Emptiness v1 HTTP Flood Command Inbound (trojan.rules)
2027840 - ET TROJAN ELF/Emptiness v1.1 UDP Flood Command Inbound (trojan.rules)
2027841 - ET TROJAN ELF/Emptiness v1.1 DNS Flood Command Inbound (trojan.rules)
2027842 - ET TROJAN ELF/Emptiness v1.1 HTTP Flood Command Inbound (trojan.rules)
2027843 - ET TROJAN ELF/Emptiness v2 XOR UDP Flood Command Inbound (trojan.rules)
2027844 - ET TROJAN ELF/Emptiness v2 XOR DNS Flood Command Inbound (trojan.rules)
2027845 - ET TROJAN ELF/Emptiness v2 XOR HTTP Flood Command Inbound (trojan.rules)
2027846 - ET TROJAN ELF/Emptiness v2 XOR Exec Command Inbound (trojan.rules)
2027847 - ET TROJAN ELF/Emptiness v2 XOR Update Command Inbound (trojan.rules)
2027848 - ET TROJAN ELF/Mirai.shiina v3 CnC Checkin (trojan.rules)
2027849 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027850 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027851 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027852 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027853 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027854 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027855 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027856 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027857 - ET TROJAN ELF/Mirai.shiina CnC Domain in DNS Query (trojan.rules)
2027858 - ET TROJAN APT Related - BLACKCOFFEE Command Delimiters in HTTP Response M1 (trojan.rules)
2027859 - ET TROJAN APT Related - BLACKCOFFEE Command Delimiters in HTTP Response M2 (trojan.rules)

Pro:

2837945 - ETPRO TROJAN SSL/TLS Certificate Observed (Koadic) (trojan.rules)
2837946 - ETPRO TROJAN SSL/TLS Certificate Observed (More_eggs / SONE) (trojan.rules)
2837947 - ETPRO TROJAN Kodiac CnC Activity (trojan.rules)
2837948 - ETPRO TROJAN Win32/Remcos RAT Checkin 120 (trojan.rules)
2837949 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-09 1) (trojan.rules)
2837950 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-08-09 (current_events.rules)
2837951 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-08-09 (current_events.rules)
2837952 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-08-09 (current_events.rules)
2837953 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-08-09 (current_events.rules)
2837954 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-08-09 (current_events.rules)
2837955 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-08-09 (current_events.rules)
2837956 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-08-09 (current_events.rules)
2837957 - ETPRO CURRENT_EVENTS Successful BT Phish 2019-08-09 (current_events.rules)
2837958 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-08-09 (current_events.rules)
2837959 - ETPRO MALWARE Possible Win32/Adware.Downloader Requesting Installs (malware.rules)
2837960 - ETPRO INFO Suspicious Outbound Dotted Quad .tmp POST Request (info.rules)
2837961 - ETPRO POLICY ScreenConnect Successful Connection Response Inbound (policy.rules)
2837962 - ETPRO POLICY ScreenConnect - Establish Connection Attempt (policy.rules)
2837963 - ETPRO TROJAN Win32/Downloader.Agent.ABTQH CnC Checkin (trojan.rules)
2837964 - ETPRO TROJAN Win32/Downloader.Agent.ABTQH Receiving Config from CnC (trojan.rules)
2837966 - ETPRO CURRENT_EVENTS Inbound Batch Script Creating Kernel-mode Driver Service (current_events.rules)
2837967 - ETPRO MALWARE Win32/Adware.RunBooster CnC Checkin (malware.rules)
2837968 - ETPRO TROJAN Observed Malicious SSL Cert (PowerShell/Kryptik.V CnC) (trojan.rules)

Date: Thursday, August 8, 2019 - 22:00