[***]            Summary:            [***]

8 new Open, 24 new Pro (8 + 19). MillionLoader, Group 21, Mirai, Various Phish.

Thanks @malwrhunterteam.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029282 - ET TROJAN Win32/MillionLoader CnC Init Activity (trojan.rules)
2029283 - ET TROJAN Win32/MillionLoader CnC Activity (Outbound) (trojan.rules)
2029284 - ET TROJAN Win32/MillionLoader CnC Activity (Inbound) (trojan.rules)
2029285 - ET TROJAN CrownAdPro CnC Activity M2 (trojan.rules)
2029286 - ET TROJAN CrownAdPro CnC Activity M3 (trojan.rules)
2029287 - ET TROJAN CrownAdPro CnC Activity M4 (trojan.rules)
2029288 - ET TROJAN CrownAdPro CnC Activity M5 (trojan.rules)
2029289 - ET TROJAN Group 21 CnC Domain Observed in DNS Query (trojan.rules)

Pro:

2840459 - ETPRO EXPLOIT Possible Spoofed TLS Certificate Inbound (CVE-2020-0601) (exploit.rules)
2840460 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Terdot.A/Zloader CnC) (trojan.rules)
2840461 - ETPRO TROJAN Observed DNS Query to Malicious Unrecom CnC Domain (trojan.rules)
2840462 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-16 1) (trojan.rules)
2840463 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-16 2) (trojan.rules)
2840464 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-16 (current_events.rules)
2840465 - ETPRO CURRENT_EVENTS Successful SunTrust Bank Phish 2020-01-16 (current_events.rules)
2840466 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-16 (current_events.rules)
2840467 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840468 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840469 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-01-16 (current_events.rules)
2840470 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish 2020-01-16 (current_events.rules)
2840471 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-16 (current_events.rules)
2840472 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2020-01-16 (current_events.rules)
2840473 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish 2020-01-16 (current_events.rules)
2840474 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-16 (current_events.rules)
2840475 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840476 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840477 - ETPRO MALWARE Group 21 Payload CnC Checkin (malware.rules)

[***]            Summary:            [***]

2 new Pro. Out of band rule push for CVE-2020-0601 Vulnerability Detection.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

2840457 - ETPRO EXPLOIT Possible Spoofed ECDSA Certificate Inbound (CVE-2020-0601) M1 (exploit.rules)
2840458 - ETPRO EXPLOIT Possible Spoofed ECDSA Certificate Inbound (CVE-2020-0601) M2 (exploit.rules)
