[***]            Summary:            [***]

11 new Open, 44 new Pro (11 + 33). BrushaLoader, Muhstik, Lokorrito, DiscordHaxx, Various Phishing.

Thanks @benkow_

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2022246 - ET TROJAN PPI User-Agent (InstallCapital) (trojan.rules)
2029310 - ET TROJAN Gamaredon CnC Observed in DNS Query (trojan.rules)
2029311 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2029312 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2029313 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2029314 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2029315 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2029316 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2029317 - ET SCAN Tomato Router Default Credentials (admin:admin) (scan.rules)
2029318 - ET SCAN Tomato Router Default Credentials (root:admin) (scan.rules)
2029319 - ET TROJAN ELF/Muhstik - IRC CnC Checkin (trojan.rules)

Pro:

2840586 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 1) (trojan.rules)
2840587 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 2) (trojan.rules)
2840588 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 3) (trojan.rules)
2840589 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 4) (trojan.rules)
2840590 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 6) (trojan.rules)
2840591 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 7) (trojan.rules)
2840592 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-22 8) (trojan.rules)
2840593 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-23 1) (trojan.rules)
2840594 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-23 2) (trojan.rules)
2840595 - ETPRO TROJAN Win32/Inject.NJJ Variant Host Checkin (trojan.rules)
2840596 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2020-01-23 (current_events.rules)
2840597 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-23 (current_events.rules)
2840598 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2020-01-23 (current_events.rules)
2840599 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-01-23 (current_events.rules)
2840600 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-23 (current_events.rules)
2840601 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-23 (current_events.rules)
2840602 - ETPRO TROJAN Win32/F1L3F0lD Variant Host Checkin (trojan.rules)
2840603 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-23 (current_events.rules)
2840604 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-23 (current_events.rules)
2840605 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-01-23 (current_events.rules)
2840606 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-01-23 (current_events.rules)
2840607 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-23 (current_events.rules)
2840608 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2020-01-23 (current_events.rules)
2840609 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-23 (current_events.rules)
2840610 - ETPRO TROJAN Win32/Lokorrito CnC Successful Checkin (trojan.rules)
2840611 - ETPRO TROJAN Win32/Lokorrito CnC PING - set (trojan.rules)
2840612 - ETPRO TROJAN MSIL/MythBot Registering New Bot with CnC (trojan.rules)
2840613 - ETPRO TROJAN MSIL/MythBot Updating IRC Status (trojan.rules)
2840614 - ETPRO TROJAN MSIL/MythBot Requesting Tasks from CnC (trojan.rules)
2840615 - ETPRO INFO Suspicious JScript Browser Downgrade M3 (info.rules)
2840616 - ETPRO TROJAN DiscordHaxx Token Exfil Attempt via Webhook (trojan.rules)
2840617 - ETPRO TROJAN Win32/Remcos RAT Checkin 315 (trojan.rules)
2840618 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)

[---]         Removed rules:         [---]

2022246 - ET MALWARE PPI User-Agent (InstallCapital) (malware.rules)

Date: Wednesday, January 22, 2020 - 22:00