[***]            Summary:            [***]

9 new Open, 42 new Pro (9 + 33). OilRig, Valak, DarkRATv2, Docxer and Various Phish.

Thanks @prsecurity_ and @hyasinc

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029189 - ET TROJAN OilRig APT PowDesk Powershell Check (trojan.rules)
2029190 - ET TROJAN Possible XServer Backdoor Certificate Observed (trojan.rules)
2029191 - ET ACTIVEX Suspicious TLS SNI Request for Root (activex.rules)
2029192 - ET TROJAN Win32/Valak Checkin (trojan.rules)
2029193 - ET TROJAN Win32/Valak - Stage 2 - Request (trojan.rules)
2029194 - ET TROJAN Win32/Valak Checkin - Server Response (trojan.rules)
2029195 - ET TROJAN Win32/Valak - Stage 2 - Response - Task (trojan.rules)
2029196 - ET TROJAN Win32/Valak - Stage 2 - Response - Plugin (trojan.rules)
2029197 - ET TROJAN Win32/Valak - Plugin Data Exfil (trojan.rules)

Pro:

2840047 - ETPRO INFO Possible OAuth Redirect Observed (info.rules)
2840048 - ETPRO INFO Possible OAuth Redirect Observed (info.rules)
2840049 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23 (current_events.rules)
2840050 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23 (current_events.rules)
2840051 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2019-12-23 (current_events.rules)
2840052 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2019-12-23 (current_events.rules)
2840053 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-12-23 (current_events.rules)
2840054 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23 (current_events.rules)
2840055 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23 (current_events.rules)
2840056 - ETPRO CURRENT_EVENTS Successful Sina Webmail CN Phish 2019-12-23 (current_events.rules)
2840057 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-23 (current_events.rules)
2840058 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2019-12-23 (current_events.rules)
2840059 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23 (current_events.rules)
2840060 - ETPRO TROJAN Zloader Inject SSL/TLS Certificate Observed (trojan.rules)
2840061 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-12-23 (current_events.rules)
2840062 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-12-23 (current_events.rules)
2840064 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-12-23 (current_events.rules)
2840065 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-23 (current_events.rules)
2840066 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-23 (current_events.rules)
2840067 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-12-23 (current_events.rules)
2840068 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-23 (current_events.rules)
2840069 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-23 (current_events.rules)
2840070 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish 2019-12-23 (current_events.rules)
2840071 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-23 (current_events.rules)
2840072 - ETPRO TROJAN Docxer CnC Initial Checkin (trojan.rules)
2840073 - ETPRO TROJAN Docxer CnC Heartbeat (trojan.rules)
2840074 - ETPRO TROJAN DarkRATv2 CnC Checkin (trojan.rules)
2840075 - ETPRO TROJAN DarkRATv2 CnC Heartbeat (trojan.rules)
2840076 - ETPRO TROJAN DarkRATv2 CnC Heartbeat Response (trojan.rules)
2840077 - ETPRO TROJAN Win32/Downloader.Agent.EWB Variant Checkin (trojan.rules)
2840078 - ETPRO TROJAN Win32/Remcos RAT Checkin 288 (trojan.rules)
2840079 - ETPRO TROJAN Win32/Remcos RAT Checkin 289 (trojan.rules)
2840080 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)

[---]         Removed rules:         [---]

2839070 - ETPRO TROJAN Win32/Valak CnC Activity M1 (trojan.rules)
2839071 - ETPRO TROJAN Win32/Valak CnC Activity M2 (trojan.rules)

Date: Sunday, December 22, 2019 - 22:00