[***]            Summary:            [***]

2 new Open, 37 new Pro (2 + 35). CVE-2020-0674, Nexus Stealer, MageCart, and various phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029297 - ET TROJAN MageCart CnC Domain Observed in DNS Query (trojan.rules)
2029298 - ET TROJAN Nexus Stealer CnC Data Exfil (trojan.rules)

Pro:

2840514 - ETPRO TROJAN ELF/Gafgyt Variant Reporting Arch Type (i686) (trojan.rules)
2840515 - ETPRO TROJAN ELF/Gafgyt Variant Reporting Arch Type (i586) (trojan.rules)
2840516 - ETPRO TROJAN ELF/Gafgyt/Mirai Cayosin Variant CnC Server Message (trojan.rules)
2840517 - ETPRO EXPLOIT Possible CVE-2020-0674 Internet Explorer Remote Code Execution (exploit.rules)
2840518 - ETPRO INFO Suspicious JScript Browser Downgrade M1 (info.rules)
2840519 - ETPRO INFO Suspicious JScript Browser Downgrade M2 (info.rules)
2840520 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-18 1) (trojan.rules)
2840521 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-21 (current_events.rules)
2840522 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2020-01-21 (current_events.rules)
2840523 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21 (current_events.rules)
2840524 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21 (current_events.rules)
2840525 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21 (current_events.rules)
2840526 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-21 (current_events.rules)
2840527 - ETPRO CURRENT_EVENTS Successful OurTime Phish 2020-01-21 (current_events.rules)
2840528 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21 (current_events.rules)
2840529 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-21 (current_events.rules)
2840530 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2020-01-21 (current_events.rules)
2840531 - ETPRO CURRENT_EVENTS Successful Banco Original Phish 2020-01-21 (current_events.rules)
2840532 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-21 (current_events.rules)
2840533 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-21 (current_events.rules)
2840534 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-01-21 (current_events.rules)
2840535 - ETPRO CURRENT_EVENTS Successful Generic Form Phish 2020-01-21 (current_events.rules)
2840536 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2020-01-21 (current_events.rules)
2840537 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-21 (current_events.rules)
2840538 - ETPRO CURRENT_EVENTS Successful Microsoft Update Your Account Phish 2020-01-21 (current_events.rules)
2840539 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-21 (current_events.rules)
2840540 - ETPRO TROJAN Win32/Agent.AAPH Variant CnC (trojan.rules)
2840541 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-01-21 (current_events.rules)
2840542 - ETPRO TROJAN Observed Malicious SSL Cert (BoA Phish) (trojan.rules)
2840543 - ETPRO TROJAN Win32/TrojanClicker.Agent.OAR Variant CnC Activity (trojan.rules)
2840544 - ETPRO TROJAN Win32/Remcos RAT Checkin 312 (trojan.rules)
2840545 - ETPRO TROJAN Win32/Remcos RAT Checkin 313 (trojan.rules)
2840546 - ETPRO TROJAN Win32/Remcos RAT Checkin 314 (trojan.rules)
2840547 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2840548 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2020-01-21 (trojan.rules)

[///]     Modified active rules:     [///]

2028963 - ET TROJAN DADJOKE/Rail Tycoon Initial Macro Execution (trojan.rules)
2028964 - ET TROJAN DADJOKE/Rail Tycoon Payload Extraction (trojan.rules)
2028965 - ET TROJAN DADJOKE/Rail Tycoon Payload Execution (trojan.rules)
2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules)
2839490 - ETPRO TROJAN ELF/Gafgyt Variant Reporting Arch Type (x86) (trojan.rules)

[---]         Removed rules:         [---]

2029297 - ET MALWARE MageCart CnC Domain Observed in DNS Query (malware.rules)

Date: Monday, January 20, 2020 - 22:00