[***] Summary: [***]
4 new Open, 27 new Pro (4 + 23). Amadey, Winnti, Kinstaller, Various Phish, Win32/Remcos, Coinminers.
TIIF.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029341 - ET TROJAN Amadey Stealer CnC - BotKiller Module Checkin (trojan.rules)
2029342 - ET TROJAN Possible Winnti TLS Certificate Observed (trojan.rules)
2029343 - ET TROJAN Possible Winnti TLS Certificate Observed (trojan.rules)
2029346 - ET TROJAN Possible Winnti DNS Lookup (trojan.rules)
2029347 - ET TROJAN Possible Winnti DNS Lookup (trojan.rules)
Pro:
2840783 - ETPRO USER_AGENTS Observed Suspicious UA (Google Chrome) (user_agents.rules)
2840784 - ETPRO MALWARE InsanityCheats Activity (malware.rules)
2840785 - ETPRO TROJAN Unk.CoinMiner Requesting Config (trojan.rules)
2840786 - ETPRO INFO Request for config.txt (info.rules)
2840787 - ETPRO INFO Request for config.json (info.rules)
2840788 - ETPRO USER_AGENTS Suspicious User-Agent (AntiVirus) (user_agents.rules)
2840789 - ETPRO TROJAN DNS Query to TA429 Related CnC Domain (trojan.rules)
2840790 - ETPRO MALWARE Win32/FlyStudio Variant Payload Download (malware.rules)
2840791 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-31 1) (trojan.rules)
2840792 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-31 2) (trojan.rules)
2840793 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-31 (current_events.rules)
2840794 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-01-31 (current_events.rules)
2840795 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2020-01-31 (current_events.rules)
2840796 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-01-31 (current_events.rules)
2840797 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-31 (current_events.rules)
2840798 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-31 (current_events.rules)
2840799 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-31 (current_events.rules)
2840800 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2020-01-31 (current_events.rules)
2840801 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-31 (current_events.rules)
2840802 - ETPRO MALWARE Kinstaller Checkin (malware.rules)
2840803 - ETPRO TROJAN Win32/Remcos RAT Checkin 325 (trojan.rules)
2840804 - ETPRO TROJAN Win32/Remcos RAT Checkin 326 (trojan.rules)
[///] Modified active rules: [///]
2029339 - ET INFO Powershell Downloader with Start-Process Inbound M1 (info.rules)