[***]            Summary:            [***]

1 new Open, 25 new Pro (1 + 24).  Amadey, PlugX, Various Coinminers, DonotGroup, Remcos.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027897 - ET TROJAN BalkanDoor CnC Checkin (trojan.rules)

Pro:

2838063 - ETPRO TROJAN Amadey CnC Server Payload Response (exe) (trojan.rules)
2838064 - ETPRO TROJAN Amadey CnC Server Payload Response (dll) (trojan.rules)
2838065 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
2838067 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
2838068 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
2838069 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
2838070 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain (trojan.rules)
2838071 - ETPRO POLICY Observed DNS Query to Canary Token Service (policy.rules)
2838072 - ETPRO TROJAN Possible DarkHotel Related DNS Lookup (trojan.rules)
2838073 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 1) (trojan.rules)
2838074 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 2) (trojan.rules)
2838075 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 3) (trojan.rules)
2838076 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 4) (trojan.rules)
2838077 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 5) (trojan.rules)
2838078 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 6) (trojan.rules)
2838079 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-19 7) (trojan.rules)
2838080 - ETPRO TROJAN Possible DarkHotel VBS CnC Activity M1 (trojan.rules)
2838081 - ETPRO TROJAN Possible DarkHotel VBS CnC Activity M2 (trojan.rules)
2838082 - ETPRO TROJAN Possible DarkHotel VBS CnC Activity M3 (trojan.rules)
2838083 - ETPRO TROJAN Win32/Remcos RAT Checkin 121 (trojan.rules)
2838084 - ETPRO TROJAN DonotGroup Maldoc/Stage 1 CnC Domain in DNS Query (trojan.rules)
2838085 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2838086 - ETPRO TROJAN DonotGroup Maldoc Stage 1 CnC Checkin M1 (trojan.rules)
2838087 - ETPRO TROJAN DonotGroup Maldoc Stage 1 CnC Checkin M2 (trojan.rules)

[///]     Modified active rules:     [///]

2027349 - ET WEB_SPECIFIC_APPS Jenkins Chained Exploits CVE-2018-1000861 and CVE-2019-1003000 M1 (web_specific_apps.rules)
2027700 - ET TROJAN Amadey CnC Check-In (trojan.rules)
2027892 - ET TROJAN Win32/Dostre CnC Activity (trojan.rules)
2836790 - ETPRO POLICY Observed SSL Cert (Canarytokens) (policy.rules)
2836791 - ETPRO POLICY Observed HTTP Request to Canary Token Service (policy.rules)

Date: Sunday, August 18, 2019 - 22:00