[***]            Summary:            [***]

5 new Open, 13 new Pro (5 + 8).  Domen SocEng, Rig EK, TickGroup.

Thanks @jeromesegura.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027934 - ET CURRENT_EVENTS RIG EK - Unexpected Victim Location Server Response (current_events.rules)
2027935 - ET CURRENT_EVENTS Domen SocEng Redirect - Landing Page Observed (current_events.rules)
2027936 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
2027937 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
2027938 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)

Pro:

2838241 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilVBS DL 2019-08-30) (current_events.rules)
2838242 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838243 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-29 1) (trojan.rules)
2838244 - ETPRO TROJAN TickGroup Datper CnC Checkin M4 (trojan.rules)
2838245 - ETPRO TROJAN TickGroup Datper CnC Checkin M5 (trojan.rules)
2838246 - ETPRO TROJAN TickGroup Datper CnC Checkin M6 (trojan.rules)
2838247 - ETPRO TROJAN Win32/QULAB Telegram Checkin (trojan.rules)
2838248 - ETPRO TROJAN Win32/QULAB Telegram Exfiltration (trojan.rules)

Date: 
Thursday, August 29, 2019 - 22:00