[***]            Summary:            [***]

4 new Open, 23 new Pro (4 + 19). DonotGroup, IcedID, Keitaro TDS, KPOT, Remcos, Coinminers.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028584 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2028585 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2028586 - ET TROJAN DonotGroup CnC Observed in DNS Query (trojan.rules)
2028587 - ET TROJAN DonotGroup CnC Observed in DNS Query (trojan.rules)

Pro:

2838464 - ETPRO TROJAN Win32/IcedID Style Request for Websocket (trojan.rules)
2838465 - ETPRO TROJAN Win32/IcedID CnC Activity (trojan.rules)
2838466 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (d1a5f) (current_events.rules)
2838467 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M1 (trojan.rules)
2838468 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M2 (trojan.rules)
2838469 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-09-16 Domain (capoqeo .co .uk in TLS SNI) (current_events.rules)
2838470 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-16 1) (trojan.rules)
2838471 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-16 2) (trojan.rules)
2838472 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-16 3) (trojan.rules)
2838473 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-09-16 4) (trojan.rules)
2838474 - ETPRO TROJAN Observed Malicious SSL Cert (Various CnC) (trojan.rules)
2838475 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (b91c7) (current_events.rules)
2838476 - ETPRO TROJAN MSIL/Kryptik.SBM CnC Checkin (trojan.rules)
2838477 - ETPRO TROJAN Win32/Remcos RAT Checkin 162 (trojan.rules)
2838478 - ETPRO TROJAN Win32/Remcos RAT Checkin 163 (trojan.rules)
2838479 - ETPRO TROJAN Win32/Remcos RAT Checkin 164 (trojan.rules)
2838480 - ETPRO TROJAN Win32/Remcos RAT Checkin 165 (trojan.rules)
2838481 - ETPRO TROJAN Observed MSIL/Spy.Agent.BXY Domain in TLS SNI (trojan.rules)
2838482 - ETPRO TROJAN Observed Win32/Saefko Domain in TLS SNI (trojan.rules)

[///]     Modified active rules:     [///]

2028569 - ET TROJAN TransparentTribe APT Maldoc CnC Checkin (trojan.rules)

Date: 
Sunday, September 15, 2019 - 22:00