[***]            Summary:            [***]

10 new Open, 29 new Pro (10 + 19).  Glupteba, Various Android, Predator the Thief, Trickbot, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027945 - ET INFO McAfee AV Download - Set (info.rules)
2027946 - ET TROJAN Observed Glupteba CnC Domain (venoxcontrol .com in TLS SNI) (trojan.rules)
2027947 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027948 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027949 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027950 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027951 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027952 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027953 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027954 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)

Pro:

2838304 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 467 (mobile_malware.rules)
2838305 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 468 (mobile_malware.rules)
2838306 - ETPRO MOBILE_MALWARE Android Baoshu Location/Device Info Exfil (mobile_malware.rules)
2838307 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Nidb.a Checkin (mobile_malware.rules)
2838308 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.acxv Checkin (mobile_malware.rules)
2838309 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
2838311 - ETPRO TROJAN Win32/Predator The Thief Initial CnC Checkin Request (trojan.rules)
2838312 - ETPRO TROJAN Win32/Predator The Thief Initial CnC Checkin Response (trojan.rules)
2838313 - ETPRO TROJAN Win32/Predator The Thief CnC Activity (trojan.rules)
2838314 - ETPRO TROJAN Trickbot CnC Activity - Account (trojan.rules)
2838315 - ETPRO TROJAN Trickbot CnC Activity - Executable Path (trojan.rules)
2838316 - ETPRO TROJAN Trickbot CnC Activity - NAT Status (trojan.rules)
2838317 - ETPRO CURRENT_EVENTS Successful TU Delft Phish 2019-09-05 (current_events.rules)
2838318 - ETPRO CURRENT_EVENTS Successful Christian Mingle Phish 2019-09-05 (current_events.rules)
2838319 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-09-05 (current_events.rules)
2838320 - ETPRO CURRENT_EVENTS Successful Generic Webmail Verification Phish 2019-09-05 (current_events.rules)
2838321 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-09-05 (current_events.rules)
2838322 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-09-05 (current_events.rules)
2838323 - ETPRO TROJAN Win32/Remcos RAT Checkin 152 (trojan.rules)

[///]     Modified active rules:     [///]

2008438 - ET TROJAN Possible Windows executable sent when remote host claims to send a Text File (trojan.rules)
2027671 - ET POLICY Cloudflare DNS Over HTTPS Certificate Inbound (policy.rules)
2838259 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-09-03 (current_events.rules)

[---]         Removed rules:         [---]

2826593 - ETPRO INFO TCP DNS Query Domain .bit (Namecoin) (info.rules)
2828639 - ETPRO INFO TCP DNS Query Domain .bit M2 (Namecoin) (info.rules)
2831995 - ETPRO TROJAN Win32/Predator The Thief Sending Data to CnC (trojan.rules)

Date: Wednesday, September 4, 2019 - 22:00