[***] Summary: [***]
3 new Open, 25 new Pro (3 + 22). Win32/ServStart.AA, ELF/Mirai, Win32/Tefosteal Variant, WordPress Plugin DZS-VideoGallery Vuln, Various Phish
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029349 - ET TROJAN CryptoPatronum Ransomware CnC Checkin (trojan.rules)
2029350 - ET MALWARE Win32/Adware.Agent.NPP CnC Activity (malware.rules)
2029351 - ET MALWARE GreatArcadeHits CnC Activity (malware.rules)
Pro:
2840849 - ETPRO TROJAN Win32/ServStart.AA Variant CnC (trojan.rules)
2840850 - ETPRO TROJAN MalDoc Request for Likely Ursnif Payload 2020-02-04 (trojan.rules)
2840851 - ETPRO EXPLOIT WordPress Plugin DZS-VideoGallery - Command Injection (Outbound) (exploit.rules)
2840852 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840853 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840854 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-04 1) (trojan.rules)
2840855 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-04 2) (trojan.rules)
2840856 - ETPRO CURRENT_EVENTS Successful Sendgrid/Twilio Phish 2020-02-04 (current_events.rules)
2840857 - ETPRO CURRENT_EVENTS Successful TalkTalk Phish 2020-02-04 (current_events.rules)
2840858 - ETPRO CURRENT_EVENTS Successful Denizbank Phish 2020-02-04 (current_events.rules)
2840859 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish 2020-02-04 (current_events.rules)
2840860 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840861 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840862 - ETPRO TROJAN Win32/Tefosteal Variant Checkin Response (set) (trojan.rules)
2840863 - ETPRO TROJAN Win32/Tefosteal Variant Checkin Response (trojan.rules)
2840864 - ETPRO TROJAN Win32/Tefosteal Variant Data Exfil (trojan.rules)
2840865 - ETPRO TROJAN Win32/Remcos RAT Checkin 331 (trojan.rules)
2840866 - ETPRO TROJAN Win32/Remcos RAT Checkin 332 (trojan.rules)
2840867 - ETPRO TROJAN Win32/Remcos RAT Checkin 333 (trojan.rules)
2840868 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2840869 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2840870 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI (trojan.rules)
[///] Modified active rules: [///]
2009516 - ET TROJAN Generic Win32.Autorun HTTP Post (trojan.rules)
2011825 - ET TROJAN MUROFET/Licat Trojan (trojan.rules)
2012139 - ET TROJAN Storm/Waledac 3.0 Checkin 2 (trojan.rules)
2013047 - ET TROJAN DonBot Checkin (trojan.rules)
2013168 - ET TROJAN Generic Bot Checkin (trojan.rules)
2013416 - ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent (scan.rules)
2013419 - ET TROJAN FakeAV FakeAlert.Rena or similar Checkin Flowbit Set 2 (trojan.rules)
2013488 - ET TROJAN Zeus Bot GET to Bing checking Internet connectivity (trojan.rules)
2013499 - ET POLICY IncrediMail Install Callback (policy.rules)
2014113 - ET TROJAN Win32-Dynamer.dtc Reporting (trojan.rules)
2014119 - ET TROJAN W32/Lici Initial Checkin (trojan.rules)
2014269 - ET TROJAN Backdoor.Win32.RShot HTTP Checkin (trojan.rules)
2014330 - ET TROJAN Kelihos/Hlux GET jucheck.exe from CnC (trojan.rules)
2014542 - ET CURRENT_EVENTS TDS Sutra - redirect received (current_events.rules)
2014547 - ET CURRENT_EVENTS TDS Sutra - redirect received (current_events.rules)
2014548 - ET CURRENT_EVENTS TDS Sutra - cookie set (current_events.rules)
2015504 - ET TROJAN ProxyBox - HTTP CnC - POST 1-letter.php (trojan.rules)
2015897 - ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain (current_events.rules)
2800914 - ETPRO TROJAN Trojan.Win32.Riancon.ae Checkin (trojan.rules)
2800919 - ETPRO TROJAN Backdoor.MSIL.Noszbot Checkin POST (trojan.rules)
2801172 - ETPRO TROJAN Trojan.Win32.Karagany Checkin (trojan.rules)
2801254 - ETPRO TROJAN Backdoor.Win32.Zewit.A Activity (trojan.rules)
2801286 - ETPRO TROJAN Trojan.Win32.Lodelit Checkin (trojan.rules)
2801634 - ETPRO TROJAN Trojan.Win32.PassStealer.wx Checkin (trojan.rules)
2802209 - ETPRO TROJAN Carberp Checkin first.php related (trojan.rules)
2802848 - ETPRO TROJAN Backdoor.Win32.Qakbot.E (Initial Load) (trojan.rules)
2803201 - ETPRO TROJAN Win32.Antavmu.hsb Checkin (trojan.rules)
2803263 - ETPRO TROJAN Trataps/Spy.win32.gen/CI.a Post Checkin (trojan.rules)
2803616 - ETPRO TROJAN Trojan.Generic.5778957 Checkin (trojan.rules)
2804018 - ETPRO TROJAN Variant.Graftor.1491 requesting exe (trojan.rules)
2804429 - ETPRO TROJAN Backdoor.Win32/Kanav.A Checkin (trojan.rules)
2804456 - ETPRO TROJAN Trojan-Downloader.Win32.Adload.noq/Trojan.Win32.StartPage.fwx Checkin (trojan.rules)
2804482 - ETPRO TROJAN Trojan.PWS.SpySweep.271 Install (trojan.rules)
2805001 - ETPRO TROJAN HackTool.Win32.VKTools.na Checkin 3 (trojan.rules)
2805667 - ETPRO TROJAN Backdoor.Win32.Bredolab.absf Checkin (trojan.rules)
[---] Disabled and modified rules: [---]
2803814 - ETPRO TROJAN ZEUS Retrieving configuration file (trojan.rules)
2840559 - ETPRO CURRENT_EVENTS Successful VK Phish 2020-01-22 (current_events.rules)
[---] Disabled rules: [---]
2014750 - ET CURRENT_EVENTS Incognito/RedKit Exploit Kit vulnerable Java payload request to /1digit.html (current_events.rules)
2802072 - ETPRO TROJAN Trojan.Win32.Carberp.C Checkin (trojan.rules)
2804014 - ETPRO TROJAN Trojan.Win32/Malat Checkin (trojan.rules)