[***] Summary: [***]
1 new OPEN, 34 new PRO (1 + 33). AsyncRAT, DonotGroup, Various Phish, Others.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031508 - ET WEB_CLIENT Generic Attempted Executable Drop via VBScript (web_client.rules)
Pro:
2846429 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846430 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846431 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846432 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846433 - ETPRO TROJAN Observed Possible Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846434 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846435 - ETPRO TROJAN Unk.Pascal Steal Activity (trojan.rules)
2846436 - ETPRO TROJAN Matiex Keylogger CnC Exfil via Telegram (trojan.rules)
2846437 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-09 1) (trojan.rules)
2846438 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-09 2) (trojan.rules)
2846439 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-09 3) (trojan.rules)
2846440 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-01-11 (current_events.rules)
2846441 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2021-01-11 (current_events.rules)
2846442 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2021-01-11 (current_events.rules)
2846443 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish 2021-01-11 (current_events.rules)
2846444 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-01-11 (current_events.rules)
2846445 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-11 (current_events.rules)
2846446 - ETPRO CURRENT_EVENTS Successful Amazon Refund Phish 2021-01-11 (current_events.rules)
2846447 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2021-01-11 (current_events.rules)
2846448 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-11 (current_events.rules)
2846449 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-01-11 (current_events.rules)
2846450 - ETPRO CURRENT_EVENTS Successful Suncorp Internet Banking Phish 2021-01-11 (current_events.rules)
2846451 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-01-11 (current_events.rules)
2846452 - ETPRO CURRENT_EVENTS Successful Generic Shared File Phish 2021-01-11 (current_events.rules)
2846453 - ETPRO CURRENT_EVENTS Successful Intuit Phish 2021-01-11 (current_events.rules)
2846454 - ETPRO CURRENT_EVENTS Possible Successful Instagram Phish 2021-01-11 (current_events.rules)
2846455 - ETPRO TROJAN Win32/Spy.Bancos.NLB Variant CnC Activity (trojan.rules)
2846456 - ETPRO TROJAN Win32/Vnfraye.A CnC Activity (trojan.rules)
2846457 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2846458 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2846459 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2846460 - ETPRO POLICY CharCode Obfuscated PowerShell Inbound M1 (policy.rules)
2846461 - ETPRO POLICY CharCode Obfuscated PowerShell Inbound M2 (policy.rules)