[***]            Summary:            [***]

6 new Open, 38 new Pro (6 + 32). Arechclient2, Lampion, Win32/Zpevdo.A, Win32/Likseput.B, and Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029217 - ET TROJAN Arechclient2 Backdoor CnC Init (trojan.rules)
2029218 - ET TROJAN Arechclient2 Backdoor CnC Checkin (trojan.rules)
2029219 - ET TROJAN Arechclient2 Backdoor CnC Keep-Alive (trojan.rules)
2029220 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2029221 - ET TROJAN Lampion CnC Activity (trojan.rules)
2029222 - ET TROJAN Kimsuky Operation Blue Estimate CnC Activity (trojan.rules)

Pro:

2840192 - ETPRO WEB_CLIENT FakeAV Webpage Reporting System Information (web_client.rules)
2840193 - ETPRO WEB_CLIENT FakeAV Landing Page 2020-01-02 (web_client.rules)
2840194 - ETPRO TROJAN Win32/Unk.Stealer CnC Data Exfil (trojan.rules)
2840196 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-02 (current_events.rules)
2840197 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-02 (current_events.rules)
2840198 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-02 (current_events.rules)
2840199 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2020-01-02 (current_events.rules)
2840200 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-01-02 (current_events.rules)
2840201 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-01-02 (current_events.rules)
2840202 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-02 (current_events.rules)
2840203 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-02 (current_events.rules)
2840204 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-02 (current_events.rules)
2840205 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-02 (current_events.rules)
2840206 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-02 (current_events.rules)
2840207 - ETPRO CURRENT_EVENTS Successful VBV Phish 2020-01-02 (current_events.rules)
2840208 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-02 (current_events.rules)
2840209 - ETPRO CURRENT_EVENTS Successful Garanti Bank Phish 2020-01-02 (current_events.rules)
2840210 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2020-01-02 (current_events.rules)
2840211 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-02 (current_events.rules)
2840212 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2020-01-02 (current_events.rules)
2840213 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-02 (current_events.rules)
2840214 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-02 (current_events.rules)
2840215 - ETPRO CURRENT_EVENTS Successful Telstra Phish 2020-01-02 (current_events.rules)
2840216 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-01-02 (current_events.rules)
2840217 - ETPRO TROJAN Win32/Zpevdo.A CnC Host Checkin (trojan.rules)
2840218 - ETPRO TROJAN Win32/Likseput.B CnC Activity (trojan.rules)
2840224 - ETPRO TROJAN Win32/Remcos RAT Checkin 295 (trojan.rules)
2840225 - ETPRO TROJAN Win32/Remcos RAT Checkin 296 (trojan.rules)
2840226 - ETPRO TROJAN Win32/Remcos RAT Checkin 297 (trojan.rules)
2840227 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-01-02 (trojan.rules)
2840228 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-01-02 (trojan.rules)
2840229 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-01-02 (trojan.rules)

[///]     Modified active rules:     [///]

2028991 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2029101 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2029176 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2840029 - ETPRO TROJAN Win32/Borr CnC Checkin (trojan.rules)

[---]         Removed rules:         [---]

2029214 - ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Inbound (exploit.rules)
2837006 - ETPRO TROJAN Observed Malicious SSL Cert (APT33 CnC) (trojan.rules)
