[***]            Summary:            [***]

7 new Open, 15 new Pro (7 + 8). Tflower Ransomware, Plead TSCookie, Vistil Bot, Various mobile.

Thanks: Travis Green (@travisbgreen), GM CIRT

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028597 - ET TROJAN Win32/Tflower Ransomware CnC Checkin (trojan.rules)
2028598 - ET TROJAN Observed Cobalt Strike User-Agent (trojan.rules)
2028599 - ET TROJAN Plead TSCookie CnC Checkin M1 (trojan.rules)
2028600 - ET TROJAN Plead TSCookie CnC Checkin M2 (trojan.rules)
2028601 - ET TROJAN Plead TSCookie CnC Checkin M3 (trojan.rules)
2028602 - ET TROJAN Plead TSCookie CnC Checkin M4 (trojan.rules)
2028603 - ET EXPLOIT DLink DNS 320 Remote Code Execution (CVE-2019-16057) (exploit.rules)

Pro:

2838493 - ETPRO MOBILE_MALWARE Trojan.Android.Rootnik.bqb Checkin (mobile_malware.rules)
2838494 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AMA Reporting App List (mobile_malware.rules)
2838495 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AMA CnC Beacon (mobile_malware.rules)
2838496 - ETPRO TROJAN Win32/Qbot CnC Activity (trojan.rules)
2838497 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Tflower Ransomware CnC) (trojan.rules)
2838498 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2838499 - ETPRO TROJAN Win32/Vistil Bot - Telegram Exfiltration (trojan.rules)
2838500 - ETPRO TROJAN Win32/Remcos RAT Checkin 166 (trojan.rules)

[///]     Modified active rules:     [///]

2803778 - ETPRO MALWARE Numerical .pf Domain Likely Malware Related (malware.rules)
2829865 - ETPRO MOBILE_MALWARE Android/Arukas.A!tr Checkin (mobile_malware.rules)
2831963 - ETPRO TROJAN Ursnif Variant CnC Beacon 8 M2 (trojan.rules)

Date: Tuesday, September 17, 2019 - 22:00