[***]            Summary:            [***]

7 new Open, 40 new Pro (7 + 33).  Various Router DNS Changer Exploits, GlitchPOS, ProkLoader, Cob(?:alt|int), Remcos, Various Phish.

Tks: @james_inthe_box

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027906 - ET EXPLOIT D-Link Router DNS Changer Exploit Attempt (exploit.rules)
2027907 - ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt (exploit.rules)
2027908 - ET EXPLOIT DSLink 260E Router DNS Changer Exploit Attempt (exploit.rules)
2027909 - ET EXPLOIT Secutech Router DNS Changer Exploit Attempt (exploit.rules)
2027910 - ET EXPLOIT TOTOLINK Router DNS Changer Exploit Attempt (exploit.rules)
2027911 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-08-23 (current_events.rules)
2027912 - ET TROJAN GlitchPOS CnC Checkin (trojan.rules) 

Pro:

2838140 - ETPRO TROJAN ProkLoader CnC Activity (trojan.rules)
2838143 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-08-23 (current_events.rules)
2838144 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-08-23 (current_events.rules)
2838145 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-08-23 (current_events.rules)
2838146 - ETPRO CURRENT_EVENTS Successful Daum Phish 2019-08-23 (current_events.rules)
2838147 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-08-23 (current_events.rules)
2838148 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-08-23 (current_events.rules)
2838149 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-08-23 (current_events.rules)
2838150 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-08-23 (current_events.rules)
2838151 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-08-23 (current_events.rules)
2838152 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-23 1) (trojan.rules)
2838153 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-23 2) (trojan.rules)
2838154 - ETPRO TROJAN SSL/TLS Certificate Observed (CobInt) (trojan.rules)
2838155 - ETPRO TROJAN SSL/TLS Certificate Observed (Cobalt Group Downloader) (trojan.rules)
2838156 - ETPRO TROJAN Win32/Socks.NAL CnC Checkin (trojan.rules)
2838157 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2838158 - ETPRO TROJAN Win32/Remcos RAT Checkin 122 (trojan.rules)
2838159 - ETPRO TROJAN Win32/Remcos RAT Checkin 123 (trojan.rules)
2838160 - ETPRO TROJAN Win32/Remcos RAT Checkin 124 (trojan.rules)
2838161 - ETPRO TROJAN Win32/Remcos RAT Checkin 125 (trojan.rules)
2838162 - ETPRO TROJAN Win32/Remcos RAT Checkin 126 (trojan.rules)
2838163 - ETPRO TROJAN Win32/Remcos RAT Checkin 127 (trojan.rules)
2838164 - ETPRO TROJAN Win32/Remcos RAT Checkin 128 (trojan.rules)
2838165 - ETPRO TROJAN Win32/Remcos RAT Checkin 129 (trojan.rules)
2838166 - ETPRO TROJAN Win32/Remcos RAT Checkin 130 (trojan.rules)
2838167 - ETPRO TROJAN Win32/Remcos RAT Checkin 131 (trojan.rules)
2838168 - ETPRO TROJAN Win32/Remcos RAT Checkin 132 (trojan.rules)
2838169 - ETPRO TROJAN Win32/Remcos RAT Checkin 133 (trojan.rules)
2838170 - ETPRO TROJAN Win32/Remcos RAT Checkin 134 (trojan.rules)
2838171 - ETPRO TROJAN Win32/Remcos RAT Checkin 135 (trojan.rules)
2838172 - ETPRO TROJAN Win32/Remcos RAT Checkin 136 (trojan.rules)

[///]     Modified active rules:     [///]

2002402 - ET MALWARE Spyware Related User-Agent (UtilMind HTTPGet) (malware.rules)
2027771 - ET TROJAN Win32/ArtraDownloader Checkin (trojan.rules)
2836280 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-05-10 (current_events.rules)
2838109 - ETPRO POLICY Google DNS Over HTTPS Certificate Inbound (policy.rules)

Date: 
Thursday, August 22, 2019 - 22:00