[***]            Summary:            [***]

7 new Open, 31 new Pro (7 + 24). BlackRAT, BlackTech, DonotGroup, Android/Banker-JK, and Various Phishing.

Thanks @travisbgreen

[+++]          Added rules:          [+++]

Open:

2028564 - ET TROJAN [TGI] BlackRAT Checkin (trojan.rules)
2028565 - ET TROJAN [TGI] BlackRAT Checkin Response (trojan.rules)
2028566 - ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC) (trojan.rules)
2028567 - ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC) (trojan.rules)
2028568 - ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC) (trojan.rules)
2028569 - ET TROJAN TransparentTribe APT Maldoc CnC Checkin (trojan.rules)
2028570 - ET MALWARE Possible TransparentTribe APT CnC Activity (malware.rules)

Pro:

2838386 - ETPRO TROJAN Win32/BlackTech Plead Downloader Activity (trojan.rules)
2838387 - ETPRO TROJAN Win32/Zegost Variant CnC Checkin (trojan.rules)
2838388 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-09-10 (current_events.rules)
2838389 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-10 (current_events.rules)
2838390 - ETPRO CURRENT_EVENTS Successful Landesbank Berlin Phish 2019-09-10 (current_events.rules)
2838391 - ETPRO CURRENT_EVENTS Successful Landesbank Berlin Phish 2019-09-10 (current_events.rules)
2838392 - ETPRO CURRENT_EVENTS Successful Amazon JP Phish 2019-09-10 (current_events.rules)
2838393 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-09-10 (current_events.rules)
2838394 - ETPRO CURRENT_EVENTS Successful Manulife Bank Phish 2019-09-10 (current_events.rules)
2838395 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-09-10 (current_events.rules)
2838396 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-09-10 (current_events.rules)
2838397 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-09-10 (current_events.rules)
2838398 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-09-10 (current_events.rules)
2838399 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-09-10 (current_events.rules)
2838400 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-09-10 (current_events.rules)
2838401 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-10 (current_events.rules)
2838402 - ETPRO CURRENT_EVENTS Successful FNB First National Bank Phish 2019-09-10 (current_events.rules)
2838403 - ETPRO MOBILE_MALWARE Android/Banker-JK Registering Bot with CnC (mobile_malware.rules)
2838404 - ETPRO INFO Possible Hidden Window JS Manipulation Observed (info.rules)
2838405 - ETPRO MOBILE_MALWARE DonotGroup/APT-C-35 StealJob CnC Response (mobile_malware.rules)
2838406 - ETPRO MOBILE_MALWARE DonotGroup/APT-C-35 StealJob CnC Checkin (mobile_malware.rules)
2838407 - ETPRO MOBILE_MALWARE DonotGroup/APT-C-35 StealJob CnC Finish Command M1 (mobile_malware.rules)
2838408 - ETPRO MOBILE_MALWARE DonotGroup/APT-C-35 StealJob CnC Finish Command M2 (mobile_malware.rules)
2838409 - ETPRO POLICY External IP Lookup (ip .chinaz .com) (policy.rules)

[///]     Modified active rules:     [///]

2027959 - ET EXPLOIT Possible EXIM RCE Inbound (CVE-2019-15846) (exploit.rules)
2838208 - ETPRO TROJAN JAR/Qealler Stealer - CnC Activity M1 (trojan.rules)
2838209 - ETPRO TROJAN JAR/Qealler Stealer - CnC Activity M2 (set) (trojan.rules)
2838210 - ETPRO TROJAN JAR/Qealler Stealer - CnC Activity M2 (trojan.rules)
2838314 - ETPRO TROJAN Trickbot CnC Activity - Account (trojan.rules)

[---]         Removed rules:         [---]

2015559 - ET CURRENT_EVENTS Cridex Self Signed SSL Certificate (TR Some-State Internet Widgits) (current_events.rules)
2016192 - ET CURRENT_EVENTS DRIVEBY Unknown - Please wait... (current_events.rules)
2016654 - ET CURRENT_EVENTS Postal Reciept EXE in Zip (current_events.rules)
2016663 - ET CURRENT_EVENTS Karagany encrypted binary (1) (current_events.rules)
2017977 - ET CURRENT_EVENTS Possible Updatre SSL Certificate cardiffpower (current_events.rules)
2017978 - ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate marchsf (current_events.rules)
2017979 - ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate california89 (current_events.rules)
2017981 - ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate thebostonshaker (current_events.rules)
2018322 - ET CURRENT_EVENTS Captcha Malware C2 SSL Certificate (current_events.rules)
2018329 - ET CURRENT_EVENTS Payload Filename Used in Various 2014-0322 Attacks (current_events.rules)
2018418 - ET CURRENT_EVENTS Possible W32/Zbot.InfoStealer SSL Cert Parallels.com (current_events.rules)
2019196 - ET CURRENT_EVENTS Androm SSL Cert Sept 18 2014 (current_events.rules)
2019227 - ET CURRENT_EVENTS Win32/Spy.Zbot.ACB SSL Cert Sept 24 2014 (current_events.rules)
2019282 - ET CURRENT_EVENTS BlackEnergy Possible SSL Cert Sept 26 2014 (current_events.rules)
2019376 - ET CURRENT_EVENTS Napolar / Shifu SSL Cert Oct 9 2014 (current_events.rules)
2019382 - ET CURRENT_EVENTS Win32/Zbot SSL Cert Oct 9 2014 (current_events.rules)
2019470 - ET CURRENT_EVENTS Win32/Zbot SSL Cert Oct 17 2014 (current_events.rules)
2019485 - ET CURRENT_EVENTS Win32/Zbot SSL Cert Oct 21 2014 (current_events.rules)
2019496 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 22 2014 (current_events.rules)
2019605 - ET CURRENT_EVENTS Win32/Trustezeb.J SSL Cert Oct 30 2014 (current_events.rules)
2019639 - ET CURRENT_EVENTS Win32.Zbot.umpz SSL Cert Nov 4 2014 (current_events.rules)
2019652 - ET CURRENT_EVENTS Win32/Trustezeb.E SSL Cert Nov 05 2014 (current_events.rules)
2019698 - ET CURRENT_EVENTS Win32/Zbot SSL Cert Nov 11 2014 (current_events.rules)
2019907 - ET CURRENT_EVENTS Gootkit SSL Cert Dec 10 2014 (current_events.rules)
2019936 - ET CURRENT_EVENTS Win32/Spy.Zbot.ACB SSL Cert Dec 15 2014 (current_events.rules)
2019955 - ET CURRENT_EVENTS Possible Zbot SSL Cert Dec 16 2014 (current_events.rules)
2021146 - ET CURRENT_EVENTS Likely Malicious Redirect SSL Cert (current_events.rules)
2021415 - ET CURRENT_EVENTS Likely Malicious Redirect SSL Cert (current_events.rules)
2021755 - ET CURRENT_EVENTS possible Sofacy encrypted binary (1) (current_events.rules)
2024720 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Possible Coinhive Javascript Cryptocurrency Mining (current_events.rules)
2024907 - ET CURRENT_EVENTS Qtloader encrypted payload Oct 19 (1) (current_events.rules)
2024909 - ET CURRENT_EVENTS Qtloader encrypted check-in response Oct 19 (1) (current_events.rules)
2807971 - ETPRO CURRENT_EVENTS Possible Upatre SSL Compromised site bellabeachwear (current_events.rules)
2809347 - ETPRO CURRENT_EVENTS Ropest Download Request Dec 16 2014 (current_events.rules)
2809934 - ETPRO CURRENT_EVENTS Possible CryptoWall Redirect Campaign March 4 2015 (current_events.rules)
2811218 - ETPRO CURRENT_EVENTS Likely Malicious Redirect SSL Cert (miradasystems.com) (current_events.rules)
2811219 - ETPRO CURRENT_EVENTS Likely Malicious Redirect SSL Cert (ivorylabelmedia.com) (current_events.rules)
2811387 - ETPRO CURRENT_EVENTS Likely Malicious Redirect SSL Cert (toxicads.com) (current_events.rules)
2811388 - ETPRO CURRENT_EVENTS Likely Malicious Redirect SSL Cert (nvtel.net) (current_events.rules)
2814944 - ETPRO CURRENT_EVENTS Scareware Adware/PUA Landing Nov 16 (current_events.rules)
2822035 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2825000 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827466 - ETPRO CURRENT_EVENTS Observed Malicious Malvertising SSL Cert 2018-08-09 (Storfin Redirect to EK) (current_events.rules)
2827601 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert 2017-08-21 (MalDoc DL) (current_events.rules)
2828825 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert 2017-12-07 (MalDoc DL) (current_events.rules)

Date: Monday, September 9, 2019 - 22:00