[***]            Summary:            [***]

2 new Open, 44 new Pro (2 + 42). ELF/MooBot, Telegram Stuff, PS/ServLoader, HttpRat, FinderBot Loader, Win32/Remcos, Lightning Backdoor, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029322 - ET POLICY Telegram API Certificate Observed (policy.rules)
2029323 - ET TROJAN Possible Generic RAT over Telegram API (trojan.rules)

Pro:

2840656 - ETPRO TROJAN ELF/Mirai Variant CnC Checkin (trojan.rules)
2840657 - ETPRO TROJAN ELF/MooBot Variant CnC Checkin (trojan.rules)
2840658 - ETPRO TROJAN Phoenix Keylogger Variant Stealer Exfil Via Telegram (trojan.rules)
2840659 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2840660 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2840661 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2840662 - ETPRO TROJAN PS/ServLoader CnC Activity (trojan.rules)
2840664 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-25 1) (trojan.rules)
2840665 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-25 2) (trojan.rules)
2840666 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-27 1) (trojan.rules)
2840667 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-27 2) (trojan.rules)
2840668 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840669 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840670 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840671 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840672 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-27 (current_events.rules)
2840673 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-01-27 (current_events.rules)
2840674 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-01-27 (current_events.rules)
2840675 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-01-27 (current_events.rules)
2840676 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2020-01-27 (current_events.rules)
2840677 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2020-01-27 (current_events.rules)
2840678 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-27 (current_events.rules)
2840679 - ETPRO TROJAN PS/Meranbaba Script Host Checkin (trojan.rules)
2840680 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2020-01-27 (current_events.rules)
2840681 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2020-01-27 (current_events.rules)
2840682 - ETPRO CURRENT_EVENTS Successful Gov UK Identity Verification Phish 2020-01-27 (current_events.rules)
2840683 - ETPRO CURRENT_EVENTS Successful Casas Bahia Phish 2020-01-27 (current_events.rules)
2840684 - ETPRO TROJAN HttpRat Host Checkin (trojan.rules)
2840685 - ETPRO POLICY Observed SSL Cert (ipecho IP Check) (policy.rules)
2840686 - ETPRO MALWARE Observed Malicious SSL Cert (Bspro Ads) (malware.rules)
2840687 - ETPRO TROJAN Observed Malicious SSL Cert (Wizzcaster) (trojan.rules)
2840688 - ETPRO TROJAN Possibly Malicious Doc Requesting Known VBS Template (trojan.rules)
2840689 - ETPRO TROJAN Observed FinderBot Loader Domain in TLS SNI (trojan.rules)
2840690 - ETPRO TROJAN FinderBot Loader - CnC Activity M1 (trojan.rules)
2840691 - ETPRO TROJAN FinderBot Loader - CnC Activity M2 (trojan.rules)
2840692 - ETPRO TROJAN Lighting Backdoor - GetCommand via JSON (trojan.rules)
2840693 - ETPRO TROJAN Lighting Backdoor - GetCommand via XML (trojan.rules)
2840694 - ETPRO TROJAN Win32/Remcos RAT Checkin 317 (trojan.rules)
2840695 - ETPRO TROJAN Win32/Remcos RAT Checkin 318 (trojan.rules)
2840696 - ETPRO TROJAN Win32/Remcos RAT Checkin 319 (trojan.rules)
2840697 - ETPRO TROJAN Win32/Remcos RAT Checkin 320 (trojan.rules)

[///]     Modified active rules:     [///]

2837353 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 15 (trojan.rules)

Date: Sunday, January 26, 2020 - 22:00