[***]            Summary:            [***]

3 new Open, 39 new Pro (3 + 36). Ursu Variant, Grandsteal, Various Mobile, Coinminers, and Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029198 - ET POLICY Suspicious ToTok Mobile Application DNS Request (policy.rules)
2029199 - ET POLICY Suspicious ToTok Mobile Application TLS Request (policy.rules)
2029200 - ET TROJAN Observed Malicious SSL Cert (jssLoader CnC) (trojan.rules)

Pro:

2840081 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BAK Checkin (mobile_malware.rules)
2840082 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BAK Contact Exfil (mobile_malware.rules)
2840083 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-24 1) (trojan.rules)
2840084 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-24 2) (trojan.rules)
2840085 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-24 3) (trojan.rules)
2840086 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-24 4) (trojan.rules)
2840087 - ETPRO TROJAN Win32/Sisproc CnC Activity (trojan.rules)
2840088 - ETPRO TROJAN Ursu Variant CnC Initial Checkin (trojan.rules)
2840089 - ETPRO TROJAN Ursu Variant CnC Activity M1 (trojan.rules)
2840090 - ETPRO TROJAN Ursu Variant CnC Activity M2 (trojan.rules)
2840091 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-26 (current_events.rules)
2840092 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-26 (current_events.rules)
2840093 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-12-26 (current_events.rules)
2840094 - ETPRO CURRENT_EVENTS Successful Generic Session Expired Phish 2019-12-26 (current_events.rules)
2840095 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-12-26 (current_events.rules)
2840096 - ETPRO CURRENT_EVENTS Successful PNC Phish 2019-12-26 (current_events.rules)
2840097 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
2840098 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-26 (current_events.rules)
2840099 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-26 (current_events.rules)
2840100 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-26 (current_events.rules)
2840101 - ETPRO CURRENT_EVENTS Successful Comcast Phish 2019-12-26 (current_events.rules)
2840102 - ETPRO CURRENT_EVENTS Successful Ratuken Phish 2019-12-26 (current_events.rules)
2840103 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-12-26 (current_events.rules)
2840104 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-26 (current_events.rules)
2840105 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-26 (current_events.rules)
2840106 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
2840107 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
2840108 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
2840109 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
2840110 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
2840111 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
2840112 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
2840113 - ETPRO TROJAN GrandSteal WebSocket Request (trojan.rules)
2840114 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2840115 - ETPRO TROJAN Win32/Remcos RAT Checkin 290 (trojan.rules)
2840116 - ETPRO TROJAN Win32/Remcos RAT Checkin 291 (trojan.rules)

[///]     Modified active rules:     [///]

2838879 - ETPRO TROJAN GrandSteal Server Response via WebSocket (trojan.rules)
2839676 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)

Date: 
Wednesday, December 25, 2019 - 22:00