[***] Summary: [***]
7 new Open, 18 new Pro (7 Open + 11 Pro-only). Families covered: Py.Machete, Python/PBot.M, Win32.Ransom.Birele, Win32/Dostre.
Thanks @James_inthe_box and @travisbgreen
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2027886 - ET TROJAN Win32/DarkRAT CnC Activity (trojan.rules)
2027887 - ET TROJAN [TGI] Py.Machete HTTP CnC Exfil (trojan.rules)
2027888 - ET TROJAN [TGI] Py.Machete FTP Exfil 1 (trojan.rules)
2027889 - ET TROJAN [TGI] Py.Machete FTP Exfil 2 (trojan.rules)
2027890 - ET SNMP Cisco Non-Trap PDU request on SNMPv1 trap port (snmp.rules)
2027891 - ET EXPLOIT FortiOS SSL VPN - Remote Code Execution (CVE-2018-13383) (exploit.rules)
2027892 - ET TROJAN Win32/Dostre CnC Activity (trojan.rules)
Pro:
2838038 - ETPRO CURRENT_EVENTS Generic 302 Redirect to Phishing Landing (current_events.rules)
2838039 - ETPRO MALWARE Python/PBot.M CnC Domain in DNS Query (malware.rules)
2838040 - ETPRO MALWARE Python/PBot.M Redirector Domain in DNS Query (malware.rules)
2838041 - ETPRO TROJAN Win32/Tofsee Template 2 Active - Outbound Malicious Email Spam (trojan.rules)
2838042 - ETPRO POLICY High Volume Outbound SMTP Observed (policy.rules)
2838043 - ETPRO MALWARE Python/PBot.M CnC Response (malware.rules)
2838044 - ETPRO MALWARE Python/PBot.M JS Injects Inbound (malware.rules)
2838045 - ETPRO MALWARE Python/PBot.M Redirect Config Inbound (malware.rules)
2838047 - ETPRO TROJAN Win32/PSW.Agent.OGR CnC Checkin (trojan.rules)
2838048 - ETPRO TROJAN Win32.Ransom.Birele UDP Checkin (trojan.rules)
2838049 - ETPRO MALWARE Python/PBot.M CnC Checkin (malware.rules)
[///] Modified active rules: [///]
2027249 - ET POLICY Request for Possible Adobe Phishing Hosted on Github.io (policy.rules)
2812742 - ETPRO TROJAN APT WinHTTPHelper/Tabuvys CnC Beacon (trojan.rules)
2837550 - ETPRO TROJAN Observed Trickbot Style SSL Cert (Internet Widgets Pty Ltd) (trojan.rules)
2837750 - ETPRO TROJAN Win32/Azden.A CnC Checkin (trojan.rules)
[---] Disabled and modified rules: [---]
2016851 - ET CURRENT_EVENTS Winwebsec/Zbot/Luder Checkin Response (current_events.rules)
2017671 - ET CURRENT_EVENTS Possible CVE-2013-3906 CnC Checkin (current_events.rules)
2018344 - ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin (current_events.rules)
2018973 - ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 20 2014 D1 (current_events.rules)
2018974 - ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 20 2014 D2 (current_events.rules)
2019104 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 3 2014 (current_events.rules)
2019173 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 15 2014 (current_events.rules)
2019178 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 16 2014 (current_events.rules)
2019186 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 16 2014 (current_events.rules)
2019200 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 19 2014 (current_events.rules)
2019213 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 22 2014 (current_events.rules)
2019275 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 26 2014 (current_events.rules)
2019276 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 26 2014 (current_events.rules)
2019319 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 30 2014 (current_events.rules)
2019320 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 30 2014 (current_events.rules)
2019342 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 3 2014 (current_events.rules)
2019413 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 15 2014 (current_events.rules)
2019419 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 15 2014 (current_events.rules)
2019493 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 22 2014 (current_events.rules)
2019494 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 22 2014 (current_events.rules)
2019495 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 22 2014 (current_events.rules)
2019520 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014 (current_events.rules)
2019521 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014 (current_events.rules)
2019522 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014 (current_events.rules)
2019523 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014 (current_events.rules)
2019651 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 05 2014 (current_events.rules)
2019699 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
2019700 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
2019701 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
2019702 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
2019703 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
2019705 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 12 2014 (current_events.rules)
2019719 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 17 2014 (current_events.rules)
2019875 - ET CURRENT_EVENTS Possible Dyre SSL Cert Dec 4 2014 (current_events.rules)
2020288 - ET CURRENT_EVENTS Possible Dyre SSL Cert Jan 22 2015 (current_events.rules)
2020328 - ET CURRENT_EVENTS Possible Dridex Campaign Download Jan 28 2015 (current_events.rules)
2020351 - ET CURRENT_EVENTS Possible Dridex e-mail inbound (current_events.rules)
2020758 - ET CURRENT_EVENTS VBA Office Document Dridex Binary Download User-Agent (current_events.rules)
2020806 - ET CURRENT_EVENTS VBA Office Document Dridex Binary Download User-Agent 2 (current_events.rules)
2020866 - ET CURRENT_EVENTS Possible Dridex downloader SSL Certificate srv1.mainsftdomain.com (current_events.rules)
2020943 - ET CURRENT_EVENTS Possible Dridex downloader SSL Certificate (current_events.rules)
2020986 - ET CURRENT_EVENTS Possible Dridex Downloader SSL Certificate (current_events.rules)
2021093 - ET CURRENT_EVENTS Possible Dridex Remote Macro Download (current_events.rules)
2021586 - ET CURRENT_EVENTS Possible Dyre SSL Cert (non-ASCII) Jul 21 2015 (current_events.rules)
2021615 - ET CURRENT_EVENTS Dridex Downloader SSL Certificate (current_events.rules)
2021735 - ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 31 2015 (current_events.rules)
2021736 - ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 31 2015 (current_events.rules)
2021948 - ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Oct 12 2015 (current_events.rules)
2022339 - ET CURRENT_EVENTS Dridex Download 6th Jan 2016 Flowbit (current_events.rules)
2022340 - ET CURRENT_EVENTS W32/Dridex Binary Download 6th Jan 2016 (current_events.rules)
2023315 - ET CURRENT_EVENTS Possible Locky AlphaNum Downloader Oct 3 2016 (current_events.rules)
2023316 - ET CURRENT_EVENTS Possible Locky AlphaNum Downloader Oct 3 2016 (current_events.rules)
2027414 - ET CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader CnC) 2019-05-30 (current_events.rules)
2837970 - ETPRO TROJAN Win32/DarkRAT CnC Activity (trojan.rules)
[---] Disabled rules: [---]
2024767 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M1 (current_events.rules)
2024768 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M2 (current_events.rules)
2026461 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M3 (current_events.rules)
2026462 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M4 (current_events.rules)
2026644 - ET CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader Domain) (current_events.rules)
2026659 - ET CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader Domain) (current_events.rules)
2027415 - ET CURRENT_EVENTS Brushaloader Domain in DNS Lookup 2019-05-30 (current_events.rules)
2827505 - ETPRO CURRENT_EVENTS Locky Payload DL 2017-08-11 (current_events.rules)
2828343 - ETPRO CURRENT_EVENTS Unknown MalDoc Checkin Oct 2017 (current_events.rules)
2828426 - ETPRO CURRENT_EVENTS JS/Locky Downloader Checkin (current_events.rules)
2833864 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader CnC) (current_events.rules)
2834920 - ETPRO CURRENT_EVENTS Brushaloader Domain in DNS Lookup (current_events.rules)
2834921 - ETPRO CURRENT_EVENTS Brushaloader Domain in TLS SNI (current_events.rules)
2835110 - ETPRO CURRENT_EVENTS MalDoc Requesting Dridex Payload 2018-03-01 (current_events.rules)