[***]            Summary:            [***]

2 new Open, 27 new Pro (2 + 25). Upatre, Azorult, Remcos and Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029201 - ET TROJAN Observed Malicious SSL Cert (Upatre CnC) (trojan.rules)
2029202 - ET TROJAN Observed Upatre CnC Domain in TLS SNI (trojan.rules)

Pro:

2840117 - ETPRO TROJAN Base64 Encoded EXE Content-Type Mismatch (audio/mpeg) (trojan.rules)
2840118 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (9a206) (web_client.rules)
2840119 - ETPRO CURRENT_EVENTS Successful Aruba IT Phish 2019-12-27 (current_events.rules)
2840120 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
2840121 - ETPRO CURRENT_EVENTS Successful Google Phish 2019-12-27 (current_events.rules)
2840122 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-27 (current_events.rules)
2840123 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-27 (current_events.rules)
2840124 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-27 (current_events.rules)
2840125 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-27 (current_events.rules)
2840126 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
2840127 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
2840128 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-27 (current_events.rules)
2840129 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-27 (current_events.rules)
2840130 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-12-27 (current_events.rules)
2840131 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-27 (current_events.rules)
2840132 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-27 (current_events.rules)
2840133 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
2840134 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
2840135 - ETPRO CURRENT_EVENTS Successful Microsoft Live Account Phish 2019-12-27 (current_events.rules)
2840136 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-27 1) (trojan.rules)
2840137 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-27 2) (trojan.rules)
2840138 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-27 3) (trojan.rules)
2840139 - ETPRO TROJAN Win32/Remcos RAT Checkin 292 (trojan.rules)
2840140 - ETPRO TROJAN Win32/Remcos RAT Checkin 293 (trojan.rules)
2840141 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2019-12-27 (trojan.rules)

[///]     Modified active rules:     [///]

2029178 - ET TROJAN Win32/BlackNET CnC Checkin (trojan.rules)
2029179 - ET TROJAN Win32/BlackNET CnC Keep-Alive (trojan.rules)
2029180 - ET TROJAN Win32/BlackNET CnC Requesting Command (trojan.rules)
2837734 - ETPRO TROJAN Win32/psiXbot CnC Checkin (trojan.rules)

Date: 
Thursday, December 26, 2019 - 22:00