[***]            Summary:            [***]

89 new Open, 114 new Pro (89 + 25).  NOIP DynDNS, Pegasus, Mustang Panda, JasperLoader, Remcos, Various Mobile.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028675 - ET POLICY DNS Query to DynDNS Domain *.ddns .net (policy.rules)
2028676 - ET POLICY DNS Query to DynDNS Domain *.ddnsking .com (policy.rules)
2028677 - ET POLICY DNS Query to DynDNS Domain *.3utilities .com (policy.rules)
2028678 - ET POLICY DNS Query to DynDNS Domain *.bounceme .net (policy.rules)
2028679 - ET POLICY DNS Query to DynDNS Domain *.freedynamicdns .net (policy.rules)
2028680 - ET POLICY DNS Query to DynDNS Domain *.freedynamicdns .org (policy.rules)
2028681 - ET POLICY DNS Query to DynDNS Domain *.hopto .org (policy.rules)
2028684 - ET POLICY DNS Query to DynDNS Domain *.myftp .org (policy.rules)
2028685 - ET POLICY DNS Query to DynDNS Domain *.myvnc .com (policy.rules)
2028686 - ET POLICY DNS Query to DynDNS Domain *.onthewifi .com (policy.rules)
2028687 - ET POLICY DNS Query to DynDNS Domain *.redirectme .net (policy.rules)
2028688 - ET POLICY DNS Query to DynDNS Domain *.servebeer .com (policy.rules)
2028689 - ET POLICY DNS Query to DynDNS Domain *.serveblog .net (policy.rules)
2028690 - ET POLICY DNS Query to DynDNS Domain *.servecounterstrike .com (policy.rules)
2028691 - ET POLICY DNS Query to DynDNS Domain *.serveftp .com (policy.rules)
2028692 - ET POLICY DNS Query to DynDNS Domain *.servegame .com (policy.rules)
2028693 - ET POLICY DNS Query to DynDNS Domain *.servehalflife .com (policy.rules)
2028694 - ET POLICY DNS Query to DynDNS Domain *.servehttp .com (policy.rules)
2028695 - ET POLICY DNS Query to DynDNS Domain *.serveirc .com (policy.rules)
2028696 - ET POLICY DNS Query to DynDNS Domain *.serveminecraft .net (policy.rules)
2028697 - ET POLICY DNS Query to DynDNS Domain *.servemp3 .com (policy.rules)
2028698 - ET POLICY DNS Query to DynDNS Domain *.servepics .com (policy.rules)
2028699 - ET POLICY DNS Query to DynDNS Domain *.servequake .com (policy.rules)
2028701 - ET POLICY DNS Query to DynDNS Domain *.viewdns .net (policy.rules)
2028702 - ET POLICY DNS Query to DynDNS Domain *.webhop .me (policy.rules)
2028703 - ET POLICY DNS Query to DynDNS Domain *.zapto .org (policy.rules)
2028704 - ET POLICY DNS Query to DynDNS Domain *.access .ly (policy.rules)
2028705 - ET POLICY DNS Query to DynDNS Domain *.blogsyte .com (policy.rules)
2028706 - ET POLICY DNS Query to DynDNS Domain *.brasilia .me (policy.rules)
2028707 - ET POLICY DNS Query to DynDNS Domain *.cable-modem .org (policy.rules)
2028708 - ET POLICY DNS Query to DynDNS Domain *.ciscofreak .com (policy.rules)
2028709 - ET POLICY DNS Query to DynDNS Domain *.collegefan .org (policy.rules)
2028710 - ET POLICY DNS Query to DynDNS Domain *.couchpotatofries .org (policy.rules)
2028711 - ET POLICY DNS Query to DynDNS Domain *.damnserver .com (policy.rules)
2028712 - ET POLICY DNS Query to DynDNS Domain *.ddns .me (policy.rules)
2028713 - ET POLICY DNS Query to DynDNS Domain *.ditchyourip .com (policy.rules)
2028714 - ET POLICY DNS Query to DynDNS Domain *.dnsfor .me (policy.rules)
2028715 - ET POLICY DNS Query to DynDNS Domain *.dnsiskinky .com (policy.rules)
2028716 - ET POLICY DNS Query to DynDNS Domain *.dvrcam .info (policy.rules)
2028717 - ET POLICY DNS Query to DynDNS Domain *.dynns .com (policy.rules)
2028718 - ET POLICY DNS Query to DynDNS Domain *.eating-organic .net (policy.rules)
2028719 - ET POLICY DNS Query to DynDNS Domain *.fantasyleague .cc (policy.rules)
2028720 - ET POLICY DNS Query to DynDNS Domain *.geekgalaxy .com (policy.rules)
2028721 - ET POLICY DNS Query to DynDNS Domain *.golffan .us (policy.rules)
2028722 - ET POLICY DNS Query to DynDNS Domain *.health-carereform .com (policy.rules)
2028723 - ET POLICY DNS Query to DynDNS Domain *.homesecuritymac .com (policy.rules)
2028724 - ET POLICY DNS Query to DynDNS Domain *.homesecuritypc .com (policy.rules)
2028725 - ET POLICY DNS Query to DynDNS Domain *.hosthampster .com (policy.rules)
2028726 - ET POLICY DNS Query to DynDNS Domain *.hopto .me (policy.rules)
2028727 - ET POLICY DNS Query to DynDNS Domain *.ilovecollege .info (policy.rules)
2028728 - ET POLICY DNS Query to DynDNS Domain *.loginto .me (policy.rules)
2028729 - ET POLICY DNS Query to DynDNS Domain *.mlbfan .org (policy.rules)
2028730 - ET POLICY DNS Query to DynDNS Domain *.mmafan .biz (policy.rules)
2028731 - ET POLICY DNS Query to DynDNS Domain *.myactivedirectory .com (policy.rules)
2028732 - ET POLICY DNS Query to DynDNS Domain *.mydissent .net (policy.rules)
2028733 - ET POLICY DNS Query to DynDNS Domain *.myeffect .net (policy.rules)
2028734 - ET POLICY DNS Query to DynDNS Domain *.mymediapc .net (policy.rules)
2028735 - ET POLICY DNS Query to DynDNS Domain *.mypsx .net (policy.rules)
2028736 - ET POLICY DNS Query to DynDNS Domain *.mysecuritycamera .com (policy.rules)
2028737 - ET POLICY DNS Query to DynDNS Domain *.mysecuritycamera .net (policy.rules)
2028738 - ET POLICY DNS Query to DynDNS Domain *.mysecuritycamera .org (policy.rules)
2028739 - ET POLICY DNS Query to DynDNS Domain *.net-freaks .com (policy.rules)
2028740 - ET POLICY DNS Query to DynDNS Domain *.nflfan .org (policy.rules)
2028741 - ET POLICY DNS Query to DynDNS Domain *.nhlfan .net (policy.rules)
2028742 - ET POLICY DNS Query to DynDNS Domain *.pgafan .net (policy.rules)
2028743 - ET POLICY DNS Query to DynDNS Domain *.point2this .com (policy.rules)
2028744 - ET POLICY DNS Query to DynDNS Domain *.pointto .us (policy.rules)
2028745 - ET POLICY DNS Query to DynDNS Domain *.privatizehealthinsurance .net (policy.rules)
2028746 - ET POLICY DNS Query to DynDNS Domain *.quicksytes .com (policy.rules)
2028747 - ET POLICY DNS Query to DynDNS Domain *.read-books .org (policy.rules)
2028748 - ET POLICY DNS Query to DynDNS Domain *.securitytactics .com (policy.rules)
2028749 - ET POLICY DNS Query to DynDNS Domain *.serveexchange .com (policy.rules)
2028750 - ET POLICY DNS Query to DynDNS Domain *.servehumour .com (policy.rules)
2028751 - ET POLICY DNS Query to DynDNS Domain *.servep2p .com (policy.rules)
2028752 - ET POLICY DNS Query to DynDNS Domain *.servesarcasm .com (policy.rules)
2028753 - ET POLICY DNS Query to DynDNS Domain *.stufftoread .com (policy.rules)
2028754 - ET POLICY DNS Query to DynDNS Domain *.ufcfan .org (policy.rules)
2028755 - ET POLICY DNS Query to DynDNS Domain *.unusualperson .com (policy.rules)
2028756 - ET POLICY DNS Query to DynDNS Domain *.workisboring .com (policy.rules)
2028817 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
2028818 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
2028819 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
2028820 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
2028821 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
2028822 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS Query (trojan.rules)
2028823 - ET TROJAN APT Mustang Panda Payload - CnC Checkin (trojan.rules)
2028824 - ET TROJAN Observed Malicious SSL Cert (APT MustangPanda CnC) (trojan.rules)
2028825 - ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M2 (exploit.rules)
2028826 - ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M3 (exploit.rules)
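The ET POLICY "DNS Query to DynDNS Domain" rules above (2028675 and following) fire when a host queries a name under one of the listed dynamic-DNS zones. The point of the "*." in each rule name is that only proper subdomains count: "update.ddns .net" is a hit, the zone apex and look-alikes such as "myddns .net" or "ddns.net.example .com" are not. The script below is an added example, not code from Emerging Threats or the ruleset: it applies that same suffix-at-label-boundary check to Suricata EVE "dns" records so the same logic can be run over existing logs. The suffix list is a subset of the zones named above, the EVE lines are constructed for the example, and the function names are this example's own.

```python
"""Match DNS query names against dynamic-DNS zones the way the ET POLICY
"DNS Query to DynDNS Domain *.<zone>" rules do, over Suricata EVE JSON.

Added example; the suffix list is a subset of the zones in the changelog
and the sample log lines are constructed, not captured.
"""
import json

# Subset of the dynamic-DNS zones covered by rules 2028675 ff. (assumed subset)
DYNDNS_SUFFIXES = frozenset({
    "ddns.net", "hopto.org", "zapto.org", "myftp.org", "redirectme.net",
    "serveftp.com", "servehttp.com", "webhop.me", "ddns.me", "dnsfor.me",
})


def normalize_qname(qname: str) -> str:
    """Lower-case, drop surrounding whitespace and the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def dyndns_suffix(qname: str):
    """Return the dynamic-DNS zone a query name falls under, or None.

    Only a true label boundary matches: 'host.ddns.net' -> 'ddns.net',
    while 'myddns.net' (substring) and 'ddns.net.example.com' (zone used
    as a leading label) return None. The bare apex 'ddns.net' also returns
    None, mirroring the '*.' in the rule names.
    """
    labels = normalize_qname(qname).split(".")
    # Proper suffixes of at least two labels, longest first.
    for i in range(1, len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DYNDNS_SUFFIXES:
            return candidate
    return None


def scan_eve_dns(lines):
    """Return (src_ip, qname, zone) for each EVE dns *query* record that
    resolves to a listed zone. Answer records and non-dns events are skipped,
    as are lines that are not JSON."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") != "dns":
            continue
        dns = rec.get("dns", {})
        if dns.get("type") != "query":
            continue
        rrname = dns.get("rrname", "")
        zone = dyndns_suffix(rrname)
        if zone:
            hits.append((rec.get("src_ip"), normalize_qname(rrname), zone))
    return hits


# Constructed EVE records (Suricata eve.json "dns" event shape).
SAMPLE_EVE = [json.dumps(r) for r in [
    {"event_type": "dns", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.53",
     "dns": {"type": "query", "rrname": "update.ddns.net", "rrtype": "A"}},
    {"event_type": "dns", "src_ip": "10.0.0.6", "dest_ip": "10.0.0.53",
     "dns": {"type": "query", "rrname": "myddns.net", "rrtype": "A"}},
    {"event_type": "dns", "src_ip": "10.0.0.6", "dest_ip": "10.0.0.53",
     "dns": {"type": "query", "rrname": "ddns.net.example.com", "rrtype": "A"}},
    {"event_type": "dns", "src_ip": "10.0.0.53", "dest_ip": "10.0.0.7",
     "dns": {"type": "answer", "rrname": "evil.hopto.org", "rrtype": "A"}},
    {"event_type": "dns", "src_ip": "10.0.0.7", "dest_ip": "10.0.0.53",
     "dns": {"type": "query", "rrname": "Cam.HOPTO.org.", "rrtype": "A"}},
    {"event_type": "http", "src_ip": "10.0.0.8", "dest_ip": "10.0.0.9"},
]]


if __name__ == "__main__":
    for src, name, zone in scan_eve_dns(SAMPLE_EVE):
        print(f"{src} queried {name} (dyndns zone {zone})")
```

These are POLICY rather than TROJAN rules: a hit means a dynamic-DNS zone was used, not that the host is compromised, so in environments where staff legitimately use No-IP style services, pair the alert with the querying host and suppress or threshold known-good sources rather than disabling the signatures outright.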

Pro:

2838901 - ETPRO MOBILE_MALWARE Android.Hiddad.GEN23632 CnC Beacon (mobile_malware.rules)
2838903 - ETPRO MOBILE_MALWARE Android/HiddenApp.HG Checkin (mobile_malware.rules)
2838904 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Necro.n Checkin (mobile_malware.rules)
2838905 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.YVCY-5 Reporting Location/Device Info (mobile_malware.rules)
2838906 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
2838907 - ETPRO POLICY Observed DNS over HTTPS Domain (doh .securedns .eu in TLS SNI) (policy.rules)
2838908 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2838909 - ETPRO TROJAN Win32/JasperLoader CnC Activity (trojan.rules)
2838910 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838911 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-11 1) (trojan.rules)
2838913 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-11 2) (trojan.rules)
2838914 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-11 3) (trojan.rules)
2838915 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-10-14 (current_events.rules)
2838916 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-14 1) (trojan.rules)
2838917 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-14 2) (trojan.rules)
2838918 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-14 3) (trojan.rules)
2838919 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-14 4) (trojan.rules)
2838920 - ETPRO TROJAN APT Bisonal Payload - CnC Checkin (trojan.rules)
2838921 - ETPRO TROJAN APT Tendrit Payload - CnC Checkin (trojan.rules)
2838922 - ETPRO TROJAN APT Kimsuky - Reused Boundary String Observed (trojan.rules)
2838924 - ETPRO TROJAN MedusaHTTP Variant CnC Checkin (trojan.rules)
2838925 - ETPRO TROJAN Win32/Remcos RAT Checkin 202 (trojan.rules)
2838926 - ETPRO TROJAN Win32/Remcos RAT Checkin 203 (trojan.rules)

[///]     Modified active rules:     [///]

2027721 - ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability (CVE-2019-0752) (exploit.rules)
2028621 - ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M1 (exploit.rules)
2838703 - ETPRO TROJAN Win32/FTCode Ransomware CnC Checkin (trojan.rules)
2838771 - ETPRO TROJAN FTCode Ransomware VBS Inbound (trojan.rules)

Date: Sunday, October 13, 2019 - 22:00