[***]            Summary:            [***]

2 new Open, 22 new Pro (2 + 20).  Maze Ransomware, TLDR Stealer, Get2, Ursnif, Remcos, Various Phish.

Tks: GM CIRT

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028827 - ET TROJAN Observed Malicious SSL Cert (OSX/AppleJeus Variant CnC) (trojan.rules)
2028833 - ET TROJAN Redirect on ActiveXObject support (trojan.rules)

Pro:

2838927 - ETPRO POLICY SecureDNS .eu DNS Over HTTPS Certificate Inbound (policy.rules)
2838928 - ETPRO TROJAN Win32/Maze Ransomware CnC Activity (trojan.rules)
2838929 - ETPRO TROJAN Win32/TLDR Stealer CnC Checkin (trojan.rules)
2838930 - ETPRO TROJAN Win32/TLDR Stealer CnC Activity (trojan.rules)
2838931 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Get2 CnC) (current_events.rules)
2838932 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Get2 CnC) (current_events.rules)
2838933 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Get2 CnC) (current_events.rules)
2838934 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838935 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2838938 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-15 (current_events.rules)
2838939 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-10-15 (current_events.rules)
2838940 - ETPRO CURRENT_EVENTS Successful Outlook Web Access Phish 2019-10-15 (current_events.rules)
2838941 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-10-15 (current_events.rules)
2838942 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish 2019-10-15 (current_events.rules)
2838943 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-10-15 (current_events.rules)
2838944 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-15 (current_events.rules)
2838945 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-10-15 (current_events.rules)
2838946 - ETPRO TROJAN Win32/Remcos RAT Checkin 204 (trojan.rules)
2838947 - ETPRO TROJAN Win32/Remcos RAT Checkin 205 (trojan.rules)
2838948 - ETPRO TROJAN Win32/Remcos RAT Checkin 206 (trojan.rules)

[///]     Modified active rules:     [///]

2001808 - ET P2P LimeWire P2P Traffic (p2p.rules)
2003486 - ET MALWARE Drivecleaner.com Spyware User-Agent (DriveCleaner Updater) (malware.rules)
2009029 - ET WEB_SERVER SQL Injection Attempt (Agent NV32ts) (web_server.rules)
2009751 - ET TROJAN Fraudload/FakeAlert/FakeVimes Downloader - POST (trojan.rules)
2009833 - ET SCAN WITOOL SQL Injection Scan (scan.rules)
2011497 - ET SCAN Hydra User-Agent (scan.rules)
2012611 - ET USER_AGENTS Suspicious User-Agent Sample (user_agents.rules)
2012620 - ET TROJAN Win32.FakeAV.chhq Checkin (trojan.rules)
2012629 - ET MALWARE Optimum Installer User-Agent IE6 on Windows XP (malware.rules)
2012751 - ET USER_AGENTS suspicious user agent string (changhuatong) (user_agents.rules)
2012757 - ET USER_AGENTS suspicious user agent string (CholTBAgent) (user_agents.rules)
2012860 - ET USER_AGENTS Suspicious User-Agent SimpleClient 1.0 (user_agents.rules)
2012893 - ET TROJAN Known Skunkx DDOS Bot User-Agent Cyberdog (trojan.rules)
2013018 - ET POLICY HTMLGET User Agent Detected - Often Linux utility based (policy.rules)
2013072 - ET MOBILE_MALWARE Android.HongTouTou Checkin (mobile_malware.rules)
2013173 - ET USER_AGENTS Atomic_Email_Hunter User-Agent Inbound (user_agents.rules)
2013174 - ET USER_AGENTS Atomic_Email_Hunter User-Agent Outbound (user_agents.rules)
2013185 - ET TROJAN Trojan-Banker.Win32.Agent Checkin (trojan.rules)
2013221 - ET TROJAN Win32/Sefnit Initial Checkin (trojan.rules)
2013392 - ET TROJAN W32/Hupigon.B User Agent TSDownload (trojan.rules)
2013401 - ET TROJAN Win32/Winshow User Agent (trojan.rules)
2013445 - ET TROJAN W32/NetShare User-Agent (trojan.rules)
2013446 - ET TROJAN Win32/TrojanDownloader.Chekafe.D User-Agent my_check_data On Off HTTP Port (trojan.rules)
2013542 - ET USER_AGENTS Win32/OnLineGames User-Agent (Revolution Win32) (user_agents.rules)
2013717 - ET TROJAN Trojan Downloader User-Agent BGroom (trojan.rules)
2013719 - ET POLICY GridinSoft.com Software Version Check (policy.rules)
2013914 - ET POLICY APT User-Agent to BackTrack Repository (policy.rules)
2013967 - ET USER_AGENTS Suspicious User-Agent (adlib) (user_agents.rules)
2013968 - ET MOBILE_MALWARE Android/KungFu Package Delete Command (mobile_malware.rules)
2014193 - ET TROJAN W32/VPEYE Trojan Downloader User-Agent (VP-EYE Downloader) (trojan.rules)
2014213 - ET TROJAN MSUpdater Connectivity Check to Google (trojan.rules)
2014283 - ET TROJAN Trustezeb Checkin to CnC (trojan.rules)
2014288 - ET TROJAN Java Archive sent when remote host claims to send an image (trojan.rules)
2014341 - ET POLICY Installshield One Click Install User-Agent Toys File (policy.rules)
2014342 - ET POLICY Snadboy.com Products User-Agent (policy.rules)
2014345 - ET POLICY Suspicious User Agent UpdateSoft (policy.rules)
2014581 - ET TROJAN Hoax.Win32.BadJoke/DownLoader1.57593 Checkin (trojan.rules)
2014604 - ET TROJAN Trojan.Win32.Yakes.pwo Checkin (trojan.rules)
2014752 - ET TROJAN Win32.HLLW.Autoruner USA_Load UA (trojan.rules)
2014754 - ET TROJAN W32/Mepaow.Backdoor Initial Checkin to Intermediary Pre-CnC (trojan.rules)
2014817 - ET TROJAN W32/Renos.Downloader User Agent zeroup (trojan.rules)
2014963 - ET TROJAN W32/Armageddon CnC Checkin (trojan.rules)
2016453 - ET TROJAN WEBC2-CLOVER Download UA (trojan.rules)
2016695 - ET INFO SUSPICIOUS UA starting with Mozilla/0 (info.rules)
2017702 - ET TROJAN Possible Trojan.APT.9002 POST (trojan.rules)
2017746 - ET TROJAN Trojan-Downloader Win32.Genome.AV (trojan.rules)
2017903 - ET TROJAN Win32/Urausy.C Checkin 4 (trojan.rules)
2018224 - ET TROJAN Likely Geodo/Emotet Downloading PE (trojan.rules)
2018404 - ET TROJAN GreenDou Downloader User-Agent (hello crazyk) (trojan.rules)
2018419 - ET TROJAN W32/Zbot.InfoStealer WindowsUpdate Connectivity Check With Opera UA (trojan.rules)
2018524 - ET TROJAN Soraya C2 User-Agent (SBTCM) (trojan.rules)
2018782 - ET SCAN Internet Scanning Project HTTP scan (scan.rules)
2019197 - ET TROJAN NewPosThings Checkin (trojan.rules)
2019198 - ET TROJAN NewPosThings Data Exfiltration (trojan.rules)
2019199 - ET TROJAN NewPosThings POST with Fake UA and Accept Header (trojan.rules)
2019498 - ET TROJAN W32/24x7Help.ScareWare CnC Beacon (trojan.rules)
2019827 - ET TROJAN W32/Wadolin.Downloader CnC Beacon (trojan.rules)
2019961 - ET TROJAN Win32/Spy.Banker.AAXV Retrieving key from Pinterest (trojan.rules)
2020298 - ET TROJAN Win32/Scieron-A UA (HTClient) (trojan.rules)
2028666 - ET TROJAN CASHY200 Style DNS Query - Initial Hello Beacon (trojan.rules)
2028667 - ET TROJAN CASHY200 Style DNS Query - Sending Hostname (trojan.rules)
2028668 - ET TROJAN CASHY200 Style DNS Query - Sending Number of Queries (trojan.rules)
2028669 - ET TROJAN CASHY200 Style DNS Query - Finished Sending Results (trojan.rules)
2028670 - ET TROJAN CASHY200 Style DNS Query - Getting CnC Data (trojan.rules)
2028671 - ET TROJAN CASHY200 Style DNS Query - Sending Command Results (trojan.rules)
2028674 - ET TROJAN CASHY200 Style DNS Query - Request Command Beacon (trojan.rules)
2801264 - ETPRO TROJAN Unknown Malware UA RSDN (trojan.rules)
2801989 - ETPRO USER_AGENTS Suspicious User-Agent (bajun) (user_agents.rules)
2801991 - ETPRO USER_AGENTS Suspicious User-Agent random (user_agents.rules)
2802584 - ETPRO TROJAN Trojan.Win32.Buzus.hond Checkin (trojan.rules)
2802947 - ETPRO USER_AGENTS Rescudos ROSE Essentials Gaming User Agent (user_agents.rules)
2803128 - ETPRO TROJAN Suspicious User-Agent (CodeDoctor) (trojan.rules)
2803231 - ETPRO TROJAN Suspicious User-Agent WMUpdate (trojan.rules)
2803261 - ETPRO TROJAN Suspicious User-Agent (Desktop Ticker) (trojan.rules)
2803334 - ETPRO POLICY Suspicious User-Agent (Google Offerbot) (policy.rules)
2803508 - ETPRO TROJAN Suspicious User-Agent opera/8.11 (trojan.rules)
2803908 - ETPRO MOBILE_MALWARE LeNa Android CnC Command (StartDown) (mobile_malware.rules)
2803925 - ETPRO GAMES Vice City Multiplayer PC Game User-Agent (VCMP/0.3zr2) (games.rules)
2804103 - ETPRO TROJAN User-Agent (yxh-yyy-internet-appliction) - Likely Trojan (trojan.rules)
2804106 - ETPRO TROJAN Backdoor.Win32.Gnutler User-Agent (ver0x3a0.) (trojan.rules)
2804220 - ETPRO TROJAN Trojan-PSW.Win32.Papras.bll Install (trojan.rules)
2804290 - ETPRO TROJAN W32/Refroso.DZP!tr Checkin (trojan.rules)
2804574 - ETPRO TROJAN Win32/Heckyebo.A User-Agent (FRANKIE WILL FUCK YOU) (trojan.rules)
2804706 - ETPRO TROJAN Win32/Votwup.D Checkin (trojan.rules)
2805778 - ETPRO TROJAN Win32/AgentBypass.gen!A Checkin (trojan.rules)
2806027 - ETPRO TROJAN Win32/Aybo.A Checkin (trojan.rules)
2807275 - ETPRO USER_AGENTS Suspicious User Agent UniversalUserAgent(winHTTP) (user_agents.rules)
2807296 - ETPRO TROJAN Viknok (trojan.rules)
2807347 - ETPRO TROJAN W32/Injector_Autoit.BE!tr Checkin (trojan.rules)
2807348 - ETPRO TROJAN Trojan.Vobfus variant XP checkin (trojan.rules)
2807350 - ETPRO USER_AGENTS Suspicious User Agent D3DL0 G00D N1C3 (user_agents.rules)
2807725 - ETPRO TROJAN Trojan.Win32.Inject.hpit Checkin (trojan.rules)
2807859 - ETPRO TROJAN Variant.Symmi Checkin 3 (trojan.rules)
2807915 - ETPRO TROJAN Trojan-Downloader.Win32.Banload.cqhl Checkin (trojan.rules)
2807967 - ETPRO TROJAN Backdoor.Win32.Destrukor.20 Checkin (trojan.rules)
2808736 - ETPRO TROJAN Backdoor.Comdinter Checkin (trojan.rules)
2808915 - ETPRO TROJAN Trojan.FakeAlert.CAF Checkin (trojan.rules)
2808925 - ETPRO TROJAN Win32/Microjoin.gen!C Checkin (trojan.rules)
2808926 - ETPRO TROJAN Trojan.Win32.LaSta Checkin (trojan.rules)
2809077 - ETPRO TROJAN JST Perl IrcBot v3.0 HTTP GET Request (trojan.rules)
2809282 - ETPRO TROJAN Wauchos.AO/Andromeda Checkin 2 (trojan.rules)
2809325 - ETPRO TROJAN Win32/Bagle.L Checkin (trojan.rules)
2809405 - ETPRO TROJAN Win32.Spy.Banker.UAE Checkin (trojan.rules)
2809445 - ETPRO TROJAN Win32/Cuepilini.A Checkin (trojan.rules)
2809586 - ETPRO TROJAN Win32/Neshta.A Checkin 4 (trojan.rules)

Date: Monday, October 14, 2019 - 22:00