[***] Summary: [***]
5 new Open, 13 new Pro (5 + 8). Domen SocEng, Rig EK, TickGroup.
Thanks @jeromesegura.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2027934 - ET CURRENT_EVENTS RIG EK - Unexpected Victim Location Server Response (current_events.rules)
2027935 - ET CURRENT_EVENTS Domen SocEng Redirect - Landing Page Observed (current_events.rules)
2027936 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
2027937 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
2027938 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
Pro:
2838241 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilVBS DL 2019-08-30) (current_events.rules)
2838242 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838243 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-29 1) (trojan.rules)
2838244 - ETPRO TROJAN TickGroup Datper CnC Checkin M4 (trojan.rules)
2838245 - ETPRO TROJAN TickGroup Datper CnC Checkin M5 (trojan.rules)
2838246 - ETPRO TROJAN TickGroup Datper CnC Checkin M6 (trojan.rules)
2838247 - ETPRO TROJAN Win32/QULAB Telegram Checkin (trojan.rules)
2838248 - ETPRO TROJAN Win32/QULAB Telegram Exfiltration (trojan.rules)