[***] Summary: [***]
3 new OPEN, 20 new PRO (3 + 17). Remcos, CobaltStrike, Various Phish, Others.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031523 - ET INFO Suspicious HTTP POST Only Containing Password - Possible Phishing (info.rules)
2031524 - ET INFO Suspicious HTTP POST Only Containing Pass - Possible Phishing (info.rules)
2031525 - ET MOBILE_MALWARE ITW Android Post-Exploit Downloader CnC Activity (mobile_malware.rules)
Pro:
2846505 - ETPRO TROJAN Win32/Neshuta Backdoor CnC Checkin (trojan.rules)
2846506 - ETPRO TROJAN Unk.Kettu Stealer CnC Checkin (trojan.rules)
2846507 - ETPRO TROJAN Unk.Kettu Stealer Screenshot Exfil (trojan.rules)
2846508 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2021-01-14 (current_events.rules)
2846509 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2021-01-14 (current_events.rules)
2846510 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish 2021-01-14 (current_events.rules)
2846511 - ETPRO CURRENT_EVENTS Successful IRS Phish 2021-01-14 (current_events.rules)
2846512 - ETPRO CURRENT_EVENTS Successful Microsoft Live Phish 2021-01-14 (current_events.rules)
2846513 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2021-01-14 (current_events.rules)
2846514 - ETPRO MALWARE Win32/FlyStudio.HackTool.A Variant CnC Activity (malware.rules)
2846517 - ETPRO TROJAN Win32/Remcos RAT Checkin 646 (trojan.rules)
2846518 - ETPRO TROJAN Win32/Remcos RAT Checkin 647 (trojan.rules)
2846519 - ETPRO TROJAN Win32/Remcos RAT Checkin 648 (trojan.rules)
2846520 - ETPRO TROJAN Win32/Remcos RAT Checkin 649 (trojan.rules)
2846521 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC) (trojan.rules)
[///] Modified active rules: [///]
2027931 - ET MOBILE_MALWARE Apple iPhone Implant - Boundary Observed (mobile_malware.rules)
2027932 - ET MOBILE_MALWARE Apple iPhone Implant - Upload Files (mobile_malware.rules)
2027933 - ET MOBILE_MALWARE Apple iPhone Implant - Command Executed (mobile_malware.rules)