[***]            Summary:            [***]

5 new Open, 27 new Pro (5 + 22).  Phoenix Keylogger, Android Shedun, FTCode, Various Phish.

Thanks @P3pperP0tts

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028643 - ET TROJAN Win32/Phoenix Keylogger SMTP Exfil - Passwords (trojan.rules)
2028644 - ET TROJAN Win32/Phoenix Keylogger Exfil via SMTP - Generic (trojan.rules)
2028645 - ET TROJAN Win32/Phoenix Keylogger SMTP Exfil - Logs (trojan.rules)
2028646 - ET TROJAN Win32/Phoenix Keylogger SMTP Exfil - Clipboard (trojan.rules)
2028647 - ET TROJAN Win32/Phoenix Keylogger SMTP Exfil - Screenshot (trojan.rules)

Pro:

2838700 - ETPRO MOBILE_MALWARE Android Shedun CnC Beacon 2 (mobile_malware.rules)
2838701 - ETPRO MOBILE_MALWARE Android Shedun CnC Beacon 3 (mobile_malware.rules)
2838702 - ETPRO MOBILE_MALWARE Android Shedun CnC Beacon 4 (mobile_malware.rules)
2838703 - ETPRO TROJAN Win32/FTCode Ransomware CnC Checkin (trojan.rules)
2838704 - ETPRO TROJAN Win32/Almanahe.B Post-Infection Activity (trojan.rules)
2838705 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-10-02 (current_events.rules)
2838706 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-02 (current_events.rules)
2838707 - ETPRO CURRENT_EVENTS Successful Active Mail Phish 2019-10-02 (current_events.rules)
2838708 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-02 (current_events.rules)
2838709 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-02 (current_events.rules)
2838710 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-10-02 (current_events.rules)
2838711 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-10-02 (current_events.rules)
2838712 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-10-02 (current_events.rules)
2838713 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-10-02 (current_events.rules)
2838714 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2019-10-02 (current_events.rules)
2838715 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-10-02 (current_events.rules)
2838718 - ETPRO POLICY External IP Lookup Service Request Observed (policy.rules)
2838719 - ETPRO POLICY External IP Lookup Service Response Observed (policy.rules)
2838720 - ETPRO TROJAN Observed HTTP Request to High Volume Known Malicious Staging Domain (trojan.rules)
2838721 - ETPRO TROJAN W32.Sarwent Variant Checkin -- connect (trojan.rules)
2838722 - ETPRO TROJAN Observed Malicious SSL Cert (Ostap) (trojan.rules)

Date: 
Tuesday, October 1, 2019 - 22:00