[***]            Summary:            [***]

9 new Open, 20 new Pro (9 + 11). GhostMiner, Magecart, Remcos, Win32/Bobik.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028604 - ET TROJAN Possible GhostMiner CCBOT Component - CnC Checkin (trojan.rules)
2028605 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2028606 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2028607 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2028608 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2028609 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2028610 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2028611 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2028612 - ET MALWARE Win32/GameHack.DJC CnC Activity (malware.rules)

Pro:

2838501 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838502 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-19) (current_events.rules)
2838503 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-19 2) (current_events.rules)
2838504 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC) (trojan.rules)
2838505 - ETPRO TROJAN Unknown - Data Exfiltration via DNS (trojan.rules)
2838506 - ETPRO INFO Suspicious X25 DNS Request Outbound (info.rules)
2838507 - ETPRO TROJAN Win32/Agent.XQV Config Request (trojan.rules)
2838508 - ETPRO TROJAN Win32/Agent.XQV Config Inbound from CnC (trojan.rules)
2838509 - ETPRO TROJAN Win32/Remcos RAT Checkin 167 (trojan.rules)
2838510 - ETPRO TROJAN Win32/Remcos RAT Checkin 168 (trojan.rules)
2838511 - ETPRO TROJAN Win32/Bobik CnC Activity (trojan.rules)

Date: 
Wednesday, September 18, 2019 - 22:00