[***]            Summary:            [***]

4 new Open, 30 new Pro (4 + 26). Ursnif, More_eggs, Android/FakePlayer.AU, Win32/MrFireman Keylogger, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028662 - ET TROJAN CASHY200 CnC Domain in DNS Lookup (trojan.rules)
2028663 - ET TROJAN CASHY200 CnC Domain in DNS Lookup (trojan.rules)
2028664 - ET TROJAN CASHY200 CnC Domain in DNS Lookup (trojan.rules)
2028665 - ET TROJAN CASHY200 CnC Domain in DNS Lookup (trojan.rules)

Pro:

2838855 - ETPRO MOBILE_MALWARE Android/FakePlayer.AU Checkin (mobile_malware.rules)
2838856 - ETPRO MOBILE_MALWARE Android/AdDisplay.Kuguo.H Reporting Location (mobile_malware.rules)
2838857 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload 2019-10-09 (current_events.rules)
2838858 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload 2019-10-10 (current_events.rules)
2838859 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838860 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2838861 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838862 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838863 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2838864 - ETPRO TROJAN KrugBOT CnC Checkin (trojan.rules)
2838865 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-10-10 (current_events.rules)
2838866 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-10-10 (current_events.rules)
2838867 - ETPRO CURRENT_EVENTS Successful Generic XBALTI Phish (current_events.rules)
2838868 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-10-10 (current_events.rules)
2838869 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-10-10 (current_events.rules)
2838870 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-10-10 (current_events.rules)
2838871 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish 2019-10-10 (current_events.rules)
2838872 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish 2019-10-10 (current_events.rules)
2838873 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-10-10 (current_events.rules)
2838874 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-10 (current_events.rules)
2838875 - ETPRO CURRENT_EVENTS Successful Luno Cryptocurrency Phish 2019-10-10 (current_events.rules)
2838876 - ETPRO CURRENT_EVENTS Successful Google Account Phish 2019-10-10 (current_events.rules)
2838877 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-10 1) (trojan.rules)
2838878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-10 2) (trojan.rules)
2838879 - ETPRO TROJAN Possible Quassar RAT Server Response via WebSocket (trojan.rules)
2838880 - ETPRO TROJAN Win32/MrFireman Keylogger SMTP Exfil (trojan.rules)

[///]     Modified active rules:     [///]

2014288 - ET TROJAN Java Archive sent when remote host claims to send an image (trojan.rules)
2018635 - ET TROJAN Common Upatre Header Structure 2 (trojan.rules)
2831962 - ETPRO TROJAN Ursnif Variant CnC Beacon 8 M1 (trojan.rules)
2831963 - ETPRO TROJAN Ursnif Variant CnC Beacon 8 M2 (trojan.rules)
2837233 - ETPRO TROJAN Possible Unk JSP WebShell Access M4 (trojan.rules)

[---]         Removed rules:         [---]

2022480 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (trojan.rules)

Date: Wednesday, October 9, 2019 - 22:00