[***]            Summary:            [***]

1 new Open, 44 new Pro (1 + 43). Ramon Bot, ELF/Mirai, Corepack, Win32/Remcos, Various Phish

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029348 - ET MALWARE DonotGroup CnC Observed in DNS Query (malware.rules)

Pro:

2840805 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-01 1) (trojan.rules)
2840806 - ETPRO TROJAN Ramon Bot CnC Host Checkin (trojan.rules)
2840807 - ETPRO TROJAN Corepack CnC Activity (trojan.rules)
2840808 - ETPRO TROJAN F-AV CnC Host Checkin (trojan.rules)
2840809 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840810 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840811 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-02-03 (current_events.rules)
2840812 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-03 (current_events.rules)
2840813 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-02-03 (current_events.rules)
2840814 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-02-03 (current_events.rules)
2840815 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-02-03 (current_events.rules)
2840816 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-03 (current_events.rules)
2840817 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-03 (current_events.rules)
2840818 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-03 (current_events.rules)
2840819 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-03 (current_events.rules)
2840820 - ETPRO CURRENT_EVENTS Successful Liberbank Phish 2020-02-03 (current_events.rules)
2840821 - ETPRO CURRENT_EVENTS Successful Telia Webmail Phish 2020-02-03 (current_events.rules)
2840822 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-03 (current_events.rules)
2840823 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-02-03 (current_events.rules)
2840824 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-02-03 (current_events.rules)
2840825 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-02-03 (current_events.rules)
2840826 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-03 (current_events.rules)
2840827 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-03 (current_events.rules)
2840828 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2020-02-03 (current_events.rules)
2840829 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-03 (current_events.rules)
2840830 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2020-02-03 (current_events.rules)
2840831 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-03 (current_events.rules)
2840832 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-03 (current_events.rules)
2840833 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-02-03 (current_events.rules)
2840834 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-02-03 (current_events.rules)
2840835 - ETPRO POLICY Inbound Batch Script - Enabling RDP via netsh M1 (policy.rules)
2840836 - ETPRO POLICY Inbound Batch Script - Enabling RDP via netsh M2 (policy.rules)
2840837 - ETPRO POLICY Inbound Batch Script - Enabling FTP via netsh M1 (policy.rules)
2840838 - ETPRO POLICY Inbound Batch Script - Enabling FTP via netsh M2 (policy.rules)
2840839 - ETPRO POLICY Inbound Batch Script - Enabling Telnet via netsh M1 (policy.rules)
2840840 - ETPRO POLICY Inbound Batch Script - Enabling FTP Telnet netsh M2 (policy.rules)
2840841 - ETPRO TROJAN Win32/Packed.FlyStudio.AA CnC Checkin M1 (trojan.rules)
2840842 - ETPRO TROJAN Win32/Packed.FlyStudio.AA CnC Checkin M2 (trojan.rules)
2840844 - ETPRO TROJAN Win32/Remcos RAT Checkin 327 (trojan.rules)
2840845 - ETPRO TROJAN Win32/Remcos RAT Checkin 328 (trojan.rules)
2840846 - ETPRO TROJAN Win32/Remcos RAT Checkin 329 (trojan.rules)
2840847 - ETPRO TROJAN Win32/Remcos RAT Checkin 330 (trojan.rules)
2840848 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI (trojan.rules)

Date: 
Sunday, February 2, 2020 - 22:00