[***] Summary: [***]
3 new Open, 15 new Pro (3 + 12). Clipsa, More_eggs, Trojan-Banker.AndroidOS.Cerberus, MalDoc SSL Certs
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2027893 - ET TROJAN Clipsa Stealer - CnC Checkin (trojan.rules)
2027894 - ET TROJAN Clipsa Stealer - Coinminer Download (trojan.rules)
2027895 - ET TROJAN Clipsa Stealer - Exfiltration Activity (trojan.rules)
Pro:
2838050 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Cerberus Checkin (mobile_malware.rules)
2838051 - ETPRO TROJAN MalDoc Retrieving Ursnif Payload (trojan.rules)
2838052 - ETPRO TROJAN Win32/Origin Logger SMTP Account Exfil (trojan.rules)
2838053 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-16) (current_events.rules)
2838054 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-16 2) (current_events.rules)
2838055 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2838056 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2838057 - ETPRO TROJAN Unknown BR W32/Downloader CnC Host Checkin (trojan.rules)
2838059 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-15 1) (trojan.rules)
2838060 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-15 2) (trojan.rules)
2838061 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-16 1) (trojan.rules)
2838062 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-08-16 (current_events.rules)
[///] Modified active rules: [///]
2027693 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
2025931 - ET TROJAN Aurora Ransomware CnC Checkin (trojan.rules)
[---] Disabled and modified rules: [---]
2027890 - ET SNMP Cisco Non-Trap PDU request on SNMPv1 trap port (snmp.rules)